[dns-operations] Org Dnskey TTL
Phil Regnauld
regnauld at nsrc.org
Tue Apr 20 13:45:10 UTC 2010
Andrew Sullivan (ajs) writes:
> On Tue, Apr 20, 2010 at 09:38:18PM +1000, Mark Andrews wrote:
> > No. The fetching of DNSKEY is unrelated to the number of child
> > zone that are signed. The DNSKEY is used to verify the contents
> > of the ORG zone not its children.
>
> Except that, of course, if you're validating your way up the chain you
> will validate .org more often as more zones inside it are signed, no?
That's a valid observation of the popularity of a given zone, but not to
be confused with a protocol requirement.
Cheers,
Phil
More information about the dns-operations
mailing list