[nsd-users] ZONEMD-Support (was: NSD 4.3.9rc1 pre-release)
A. Schulze
sca at andreasschulze.de
Sun Dec 5 10:09:26 UTC 2021
Hi Anand!
Am 04.12.21 um 12:12 schrieb Anand Buddhdev via nsd-users:
> ZONEMD is expected to appear in the root zone next year.
ok, good to know.
> As Wouter explained, NSD is an authoritative-only server, and usually has no need to verify zones. Usually, NSD will be configured as a secondary, and XFR zones from primaries using TSIG.
so it looks like zone transfer over TCP+TLS and TSIG and DNSSEC are enough integrity checks to /assume/
data served by a secondary aren't corrupted.
well, don't sound like a strange assumption but I thought, ZONEMD was also developed as a next layer ontop.
Andreas
More information about the nsd-users
mailing list