[dns-operations] Online DNSSEC debugging tool now availalbe

Andrew Sullivan ajs at shinkuro.com
Mon Jul 19 15:14:42 UTC 2010

On Mon, Jul 19, 2010 at 03:04:36PM +0000, bmanning at vacation.karoshi.com wrote:
> 	because I don't know where the one trying to validate is coming from.

I have no idea what that has to do with this.  There is no sense of
the "DNS location" of the originating requester being significant
anywhere in any of the DNSSEC RFCs that I can see, but I'm probably
missing something.  Do you have a passage I should read?

> 	if the origin of the validation request (the I in "I want to 
> 	validate www.example.org") is  laptoy.example.org, then I 
> 	can't see how the TA for . would validate and the TA for .org would
> 	not.

Because .org rolled their key, changed the DS in ., and didn't publish
a new TA?


Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.

More information about the dns-operations mailing list