[dns-operations] Validation direction (Was: Re: Org Dnskey TTL)

Edward Lewis Ed.Lewis at neustar.biz
Tue Apr 20 14:47:03 UTC 2010

At 10:22 -0400 4/20/10, Andrew Sullivan wrote:
>On Tue, Apr 20, 2010 at 10:14:53AM -0400, Joe Abley wrote:
>>  It had not actually occurred to me that anybody would think 
>>bottom-up was a good idea.
>Me either.  That doesn't mean someone won't do it as their standard
>practice!  I know that libsresolv does bottom-up.  It's the only one
>so listed on http://www.dnssec.net/software.

My, my, how far the flock as strayed!

If all the validators are resolving downward, then now I understand 
all the bugs we've seen in the past few rounds of DNSSEC code drops.

This explains a lot of the issues we've seen lately.  Unknown 
algorithm bugs, conflicts between trust anchors and live keys, to 
name two.
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Wouldn't it be nice if all of the definitions of equivalence were the same?

More information about the dns-operations mailing list