On 1/17/2015 12:31 PM, Viktor Dukhovni wrote:
>> The only down side that I see is that the aliases will not themselves be
>> using DNSSEC. I am not sure this matters as "real" services will.
>
> I don't see why this follows. A CNAME from a signed into another signed
> zone "uses DNSSEC".

"from a signed into another signed": neither klam.biz nor .com will be
in themselves signed; they will inherit the signing of klam.ca.
I did wonder whether adding both a DNAME and a CNAME for klam.com
might work.
Something like:
klam.com IN DNAME klam.ca ; this handles the subtree of klam.com
klam.com IN CNAME klam.ca ; this handles klam.com itself
I have not tried it and my guess is that if it even passes validity
checks it will produce unexpected consequences.
In the meantime I will stick to the single zone file for the
moment.
Thanks one and all
--
John Allen
KLaM
------------------------------------------
How many of you believe in telekinesis? Raise my hand...
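
Added example (not part of the original message): a small Python lint for the DNAME-plus-CNAME layout sketched above. It applies two rules: a CNAME may not share an owner name with other data (RFC 1034, with RRSIG and NSEC permitted by RFC 4034), and a CNAME and a DNAME may not share an owner name (RFC 6672). The SOA/NS values and the 192.0.2.10 address are constructed, and every record line is assumed to carry an explicit owner name.

```python
from collections import defaultdict

# Types that may share an owner name with a CNAME (DNSSEC metadata).
CNAME_COMPANIONS = {"CNAME", "RRSIG", "NSEC"}

# Constructed sample: the layout proposed in the message, at the zone apex.
PROPOSED = """
klam.com. IN SOA ns1.klam.ca. hostmaster.klam.ca. 1 3600 600 86400 300
klam.com. IN NS ns1.klam.ca.
klam.com. IN DNAME klam.ca.   ; subtree of klam.com
klam.com. IN CNAME klam.ca.   ; klam.com itself
"""

# Constructed sample: DNAME for the subtree, explicit address at the apex.
DNAME_ONLY = """
klam.com. IN SOA ns1.klam.ca. hostmaster.klam.ca. 1 3600 600 86400 300
klam.com. IN NS ns1.klam.ca.
klam.com. IN DNAME klam.ca.
klam.com. IN A 192.0.2.10
"""

def parse_records(zone_text):
    """Yield (owner, rrtype) from 'owner [ttl] [class] type rdata' lines."""
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop ';' comments
        if len(fields) < 3:
            continue                            # blank line or $directive
        owner, rest = fields[0].lower().rstrip("."), fields[1:]
        # Skip the optional TTL and class tokens that precede the type.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if rest:
            yield owner, rest[0].upper()

def lint_aliases(zone_text):
    """Return (owner, problem) pairs for alias records that cannot coexist."""
    types_at = defaultdict(list)
    for owner, rrtype in parse_records(zone_text):
        types_at[owner].append(rrtype)
    problems = []
    for owner, types in sorted(types_at.items()):
        if "CNAME" in types and "DNAME" in types:
            problems.append((owner, "CNAME and DNAME at the same owner name"))
        others = sorted(set(types) - CNAME_COMPANIONS - {"DNAME"})
        if "CNAME" in types and others:
            problems.append((owner, "CNAME alongside " + ", ".join(others)))
        for t in ("CNAME", "DNAME"):
            if types.count(t) > 1:
                problems.append((owner, f"more than one {t}"))
    return problems
```

Running lint_aliases(PROPOSED) reports both conflicts at klam.com, while lint_aliases(DNAME_ONLY) reports none.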