[dns-operations] All dual-stack DNS servers - any problem with it?
paul at vix.com
Wed May 16 16:27:26 UTC 2007
> You can see, that the additional section is not signed, with renders the
> provided glue almost useless: we have to requery the glue from the root
> server, but do not get it signed!
no, you do not have to requery anything. read the rfc's.
> All we can get is a signed DS-record, and have to check the trust chain
> If we limit the DNS size to 512 bytes, the results are frustrating: Every
> possible response is truncated, because the RRSIG is too long.
dnssec requires edns.
More information about the dns-operations