[dns-operations] Unplanned DLV zone outage on 2009-Apr-06
Lutz Donnerhacke
lutz at iks-jena.de
Wed Apr 15 07:21:08 UTC 2009
On Wed, Apr 15, 2009 at 11:42:46AM +1000, Mark Andrews wrote:
> * Lutz Donnerhacke writes:
> > * Jeremy C. Reed wrote:
> > > What happens if the unknowing zone decided to become unsigned but the DLV
> > > still indicates that it should be signed? (Due to no relationship and
> > > communication with the DLV.)
> >
> > That's a main problem, if RFC 5011 is not applied by the registrant.
> > DLVs are a simple part of this mine field. The various trustman
> > implementations out there are the unpredictable part.
>
> RFC 5011 is not needed in a DLV/parent relationship.
> RFC 5011 is useful in one-to-unknown.
The question above is about a DLV without any relationship with the
registrant. Therefor RFC 5011 applies.
OTOH even your(ISC) DLV is going to deploy RFC 5011.
More information about the dns-operations
mailing list