[dns-operations] DNSSEC on host listed in MNAME

Alexander Mayrhofer alexander.mayrhofer at nic.at
Tue Dec 23 09:20:26 UTC 2014


i've been trying to find guidance whether or not the host listed in the MNAME field of the SOA record is required to have the respective zone signed (when it is signed on the authoritative servers, and a secure delegation exists at the parent)? I understand the MNAME host is not queried under normal operational circumstances, but is there any formal text?

This situation obviously arises in situations where "bump in the wire"-signing between a customers own nameserver and an external nameserver network is used..

Pointers appreciated :)


More information about the dns-operations mailing list