[dns-operations] The possible problems after May 5th
regnauld at nsrc.org
Fri Apr 9 13:56:56 UTC 2010
John Payne (john) writes:
> >> Why? How does the root zone being signed affect TCP requirements for
> >> non-root name servers?
> > BIND sets DO on upstream requests even when the client doesn't.
> > So, even if your caching server doesn't ask for DNSSEC data,
> > if it's downstream of BIND (this may not be the only implementation
> > doing this), you can run into issues.
> But what does that have to do with TCP on non-root, non-DNSSEC-serving authoritative servers?
The keyword here is non-DNSSEC -- I understand the question now, but
it wasn't clear before.
More information about the dns-operations