[dns-operations] The possible problems after May 5th
John Payne
john at sackheads.org
Fri Apr 9 12:43:39 UTC 2010
On Apr 9, 2010, at 7:35 AM, Phil Regnauld wrote:
> Matthew Dempsky (matthew) writes:
>>
>> Why? How does the root zone being signed affect TCP requirements for
>> non-root name servers?
>
> BIND sets DO on upstream requests even when the client doesn't.
> So, even if your caching server doesn't ask for DNSSEC data,
> if it's downstream of BIND (this may not be the only implementation
> doing this), you can run into issues.
But what does that have to do with TCP on non-root, non-DNSSEC-serving authoritative servers?
More information about the dns-operations
mailing list