[dns-operations] [Dnssec-deployment] The reverse for ::1 is signed as non-existant when it should be.

Joe Abley joe.abley at icann.org
Fri Feb 17 12:34:26 UTC 2012

Hi Mark,

On 2012-02-16, at 19:55, Mark Andrews wrote:

> As per RFC 6303 this answer should not be signed.  See IANA
> Considerations.  Please take steps to correct.  This is breaking
> validating stub resolvers and validating nameservers that forward
> this request to a nameserver with default local zones configured.

6303 specifies that that answer should not be signed when it is locally-served.

The answer you got was from the IP6.ARPA zone. Are you suggesting that IP6.ARPA should be unsigned?


More information about the dns-operations mailing list