* Florian Weimer wrote: > Interpreting NSEC data allows to do this in a rather safe way. It is > currently not allowed based on the DNSSEC spec. I think the spec > should be changed. Experience from DLV resolvers (which are encouraged to agressivly exploit NSEC) shows, that that would be a very good idea?