[dns-operations] cool idea regarding root zone inviolability

Matthew Pounsett matt at conundrum.com
Sat Nov 29 20:56:17 UTC 2014

On Nov 28, 2014, at 02:07 , Paul Vixie <paul at redbarn.org> wrote:

> is there some reason why an updated sig(0) is not a solution to this? 

People move zone data around using mechanisms other than *XFR (scp, database replication, etc.).  A signature on the complete zone, as part of the zone, also covers those mechanisms.

More information about the dns-operations mailing list