[dns-operations] [Dnssec-deployment] The reverse for ::1 is signed as non-existant when it should be.
Joe Abley
joe.abley at icann.org
Fri Feb 17 12:34:26 UTC 2012
Hi Mark,
On 2012-02-16, at 19:55, Mark Andrews wrote:
> As per RFC 6303 this answer should not be signed. See IANA
> Considerations. Please take steps to correct. This is breaking
> validating stub resolvers and validating nameservers that forward
> this request to a nameserver with default local zones configured.
6303 specifies that that answer should not be signed when it is locally-served.
The answer you got was from the IP6.ARPA zone. Are you suggesting that IP6.ARPA should be unsigned?
Joe
More information about the dns-operations
mailing list