[dns-operations] The possible problems after May 5th
Phil Regnauld
regnauld at nsrc.org
Fri Apr 9 13:56:56 UTC 2010
John Payne (john) writes:
>
> >> Why? How does the root zone being signed affect TCP requirements for
> >> non-root name servers?
> >
> > BIND sets DO on upstream requests even when the client doesn't.
> > So, even if your caching server doesn't ask for DNSSEC data,
> > if it's downstream of BIND (this may not be the only implementation
> > doing this), you can run into issues.
>
> But what does that have to do with TCP on non-root, non-DNSSEC-serving authoritative servers?
The keyword here is non-DNSSEC -- I understand the question now, but
it wasn't clear before.
More information about the dns-operations
mailing list