[dns-operations] DS-side NSEC query

Paul Wouters paul at nohats.ca
Sat Jul 30 22:23:35 UTC 2016

On Sat, 30 Jul 2016, Mark Andrews wrote:

> KEY is also another type which exists authoritatively both sides
> of a delegation as does NXT which NSEC replaced and bothe RRSIG and
> SIG.  NXT and SIG should be virtually non-existent but KEY still
> still exists.

freeswan stopped using KEY a decade ago when the DNS people said
these records were for DNSSEC only and not for a PKI. Whoever still
uses KEY for anything would be wrong. I thought the introduction
of DNSKEY/RRSIG/NSEC killed the KEY/SIG/NXT records.


More information about the dns-operations mailing list