Re: where is the DNSSEC root key?
On Fri, 05 Oct 2012, Peter Samuelson wrote:
> > However since all DNS servers are generally meant to use port 53, I
> > think it's unlikely to install more than one DNS server locally, so
> > I'm not sure if doing this makes sense from a packaging perspective.
> > [I can see how it does from an administration perspective.]
> It's actually not uncommon to run, e.g., rbldnsd on a nonstandard port,
> and a full nameserver on port 53, which forwards queries to it. Now
> that's not directly related, as rbldnsd will never need to know the
> DNSSEC root keys ... but I'm just saying. It is quite possible that
> somebody will want to run a recursive nameserver and an authoritative
> nameserver, different packages, on the same host. I wouldn't bother
> with that, mind you.
Well, for instance the .debian.org authoritative nameservers we run all
also have a local unbound installed as their local recursor.
unbound binds to localhost:53, bind9 to all the other addresses of a
I don't think it's all that strange a setup.
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/