[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: where is the DNSSEC root key?

On Fri, 05 Oct 2012, Peter Samuelson wrote:

> > However since all DNS servers are generally meant to use port 53, I
> > think it's unlikely to install more than one DNS server locally, so
> > I'm not sure if doing this makes sense from a packaging perspective.
> > [I can see how it does from an administration perspective.]
> It's actually not uncommon to run, e.g., rbldnsd on a nonstandard port,
> and a full nameserver on port 53, which forwards queries to it.  Now
> that's not directly related, as rbldnsd will never need to know the
> DNSSEC root keys ... but I'm just saying.  It is quite possible that
> somebody will want to run a recursive nameserver and an authoritative
> nameserver, different packages, on the same host.  I wouldn't bother
> with that, mind you.

Well, for instance the .debian.org authoritative nameservers we run all
also have a local unbound installed as their local recursor.

unbound binds to localhost:53, bind9 to all the other addresses of a

I don't think it's all that strange a setup.

                           |  .''`.       ** Debian **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/

Reply to: