[dns-operations] The reverse for ::1 is signed as non-existent

Edward Lewis Ed.Lewis at neustar.biz
Fri Feb 17 14:29:10 UTC 2012

Not cross-posted...

>On 2012-02-16, at 19:55, Mark Andrews wrote:
>>  As per RFC 6303 this answer should not be signed.  See IANA
>>  Considerations.  Please take steps to correct.  This is breaking
>>  validating stub resolvers and validating nameservers that forward
>>  this request to a nameserver with default local zones configured.

This is why I asked, a long time ago, for a "negative trust anchor." 
My context then was split dns[0] and the need to tell validators that 
internally a zone wasn't signed even if externally it was.

The request was a long time ago, maybe 5 years ago, and was forgetten.

[0] undefined in the IETF context; meaning any time a stub network 
uses different name resolution inside the stub network from the 
general public Internet.  Definitely applicable to RFC 1918 space 
(plus localhost reverse map).
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

2012...time to reuse those 1984 calendars!

More information about the dns-operations mailing list