[dns-operations] The possible problems after May 5th

Phil Regnauld regnauld at nsrc.org
Fri Apr 9 13:56:56 UTC 2010

John Payne (john) writes:
> >> Why?  How does the root zone being signed affect TCP requirements for
> >> non-root name servers?
> > 
> > 	BIND sets DO on upstream requests even when the client doesn't.
> > 	So, even if your caching server doesn't ask for DNSSEC data,
> > 	if it's downstream of BIND (this may not be the only implementation
> > 	doing this), you can run into issues.
> But what does that have to do with TCP on non-root, non-DNSSEC-serving authoritative servers?

	The keyword here is non-DNSSEC -- I understand the question now, but
	it wasn't clear before.

More information about the dns-operations mailing list