[dns-operations] The possible problems after May 5th

John Payne john at sackheads.org
Fri Apr 9 12:43:39 UTC 2010


On Apr 9, 2010, at 7:35 AM, Phil Regnauld wrote:

> Matthew Dempsky (matthew) writes:
>> 
>> Why?  How does the root zone being signed affect TCP requirements for
>> non-root name servers?
> 
> 	BIND sets DO on upstream requests even when the client doesn't.
> 	So, even if your caching server doesn't ask for DNSSEC data,
> 	if it's downstream of BIND (this may not be the only implementation
> 	doing this), you can run into issues.


But what does that have to do with TCP on non-root, non-DNSSEC-serving authoritative servers?


More information about the dns-operations mailing list