[dns-operations] Cutting a zone with DNSSEC

Mark Andrews marka at isc.org
Mon Oct 26 20:06:44 UTC 2015

In message <alpine.LSU.2.00.1510261531520.25050 at hermes-2.csi.cam.ac.uk>, Tony F
inch writes:
> Mark Andrews <marka at isc.org> wrote:
> >
> > No.  The validator should try other servers if the validation fails.
> > It just does more work until all the servers are up to date.
> OK, that's reassuring.
> And it's another point in favour of your argument that validating stubs
> should use CD=0, because CD=1 suppresses the recursive server's efforts
> to work around this kind of partial temporary breakage.


RFC 6840 is just plain wrong to say always send CD=1 and named doesn't.


> Tony.
> -- 
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> Irish Sea, Shannon, Rockall, Malin: South or southeast 5 to 7, occasionally
> gale 8 at first. Rough or very rough, occasionally high in Shannon and Rockal
> l
> at first. Rain or showers. Good, occasionally poor.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the dns-operations mailing list