[nsd-users] ZONEMD-Support (was: NSD 4.3.9rc1 pre-release)

A. Schulze sca at andreasschulze.de
Sun Dec 5 10:09:26 UTC 2021

Hi Anand!

Am 04.12.21 um 12:12 schrieb Anand Buddhdev via nsd-users:
> ZONEMD is expected to appear in the root zone next year. 

ok, good to know.

> As Wouter explained, NSD is an authoritative-only server, and usually has no need to verify zones. Usually, NSD will be configured as a secondary, and XFR zones from primaries using TSIG.
so it looks like zone transfer over TCP+TLS and TSIG and DNSSEC are enough integrity checks to /assume/
data served by a secondary aren't corrupted.

well, don't sound like a strange assumption but I thought, ZONEMD was also developed as a next layer ontop.


More information about the nsd-users mailing list