[dns-operations] negative dnssec replies

Matthäus Wander matthaeus.wander at uni-due.de
Sat Nov 26 17:50:09 UTC 2016

Router Log wrote on 2016-11-26 14:10:
> The signing of negative replies from dnssec enabled zones increase the
> size of the zone data an the complexity dns. For the ease of use and
> implementaion would it be a good idea that a dnssec enabled zone could
> signal to a querier that it intends to send unsigned nxdomain replies?
> This mechanism would have to be signed of course. 

It's not wise to fight the complexity of a system by adding more
complexity to it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5523 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20161126/ab394e2e/attachment.bin>

More information about the dns-operations mailing list