[dns-operations] BIND version and NSEC3
Jaap Akkerhuis
jaap at NLnetLabs.nl
Fri May 15 20:30:40 UTC 2009
Hi Ed,
Well, I thought the same. But I am interested in what roadblocks
there are to DNSSEC deployment.
One thing I've noted - delegation-only. Another case of mucking with
the protocol that has come back to haunt us. ;) What were once
"delegation-only" zones are proving not to be thanks to the DS
resource record. That I think is salient.
(Had to look up "salient", but yes) I do agree. As some people know
I once had the idea to stamp out the use of delegation-only as much
as possible. However, by the time root-delegation-only got added I
realized that that battle was lost before it started.
Anyway, this observation explains why other validating reolvers
didn't reported this problem since they don;t do the delegation-oly
(or similar) thing.
jaap
More information about the dns-operations
mailing list