[dns-operations] BIND and the upcoming .COM DNSSEC change

George Barwood george.barwood at blueyonder.co.uk
Mon Mar 28 09:23:38 UTC 2011

----- Original Message ----- 
From: "Florian Weimer" <fw at deneb.enyo.de>
To: <dns-operations at mail.dns-oarc.net>
Sent: Sunday, March 27, 2011 7:45 PM
Subject: [dns-operations] BIND and the upcoming .COM DNSSEC change

> It's not clear to me how buggy versions of BIND (9.6-ESV, in
> particular) react to DNSSEC-related changes as described in:
> <http://www.verisignlabs.com/documents/BIND-DS-Servfail.pdf>

Not answering your question, but I'm puzzled by the description in the PDF

"3. DS in .NET.  DS records are published in the .NET zone"

Assuming these are the same DS records for .NET that are to be published
in the root zone, why were they ever published in the child zone?
This is contrary to the standard, on my understanding.


More information about the dns-operations mailing list