[dns-operations] cool idea regarding root zone inviolability
matt at conundrum.com
Sat Nov 29 20:56:17 UTC 2014
On Nov 28, 2014, at 02:07 , Paul Vixie <paul at redbarn.org> wrote:
> is there some reason why an updated sig(0) is not a solution to this?
People move zone data around using mechanisms other than *XFR (scp, database replication, etc.). A signature on the complete zone, as part of the zone, also covers those mechanisms.
More information about the dns-operations