[dns-operations] Cutting a zone with DNSSEC
Mark Andrews
marka at isc.org
Mon Oct 26 20:06:44 UTC 2015
In message <alpine.LSU.2.00.1510261531520.25050 at hermes-2.csi.cam.ac.uk>, Tony F
inch writes:
> Mark Andrews <marka at isc.org> wrote:
> >
> > No. The validator should try other servers if the validation fails.
> > It just does more work until all the servers are up to date.
>
> OK, that's reassuring.
>
> And it's another point in favour of your argument that validating stubs
> should use CD=0, because CD=1 suppresses the recursive server's efforts
> to work around this kind of partial temporary breakage.
Yes.
RFC 6840 is just plain wrong to say always send CD=1 and named doesn't.
Mark
> Tony.
> --
> f.anthony.n.finch <dot at dotat.at> http://dotat.at/
> Irish Sea, Shannon, Rockall, Malin: South or southeast 5 to 7, occasionally
> gale 8 at first. Rough or very rough, occasionally high in Shannon and Rockal
> l
> at first. Rain or showers. Good, occasionally poor.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list