[dns-operations] DS-side NSEC query
paul at nohats.ca
Sat Jul 30 22:23:35 UTC 2016
On Sat, 30 Jul 2016, Mark Andrews wrote:
> KEY is also another type which exists authoritatively both sides
> of a delegation as does NXT which NSEC replaced and bothe RRSIG and
> SIG. NXT and SIG should be virtually non-existent but KEY still
> still exists.
freeswan stopped using KEY a decade ago when the DNS people said
these records were for DNSSEC only and not for a PKI. Whoever still
uses KEY for anything would be wrong. I thought the introduction
of DNSKEY/RRSIG/NSEC killed the KEY/SIG/NXT records.
More information about the dns-operations