[dns-operations] negative dnssec replies
Matthäus Wander
matthaeus.wander at uni-due.de
Sat Nov 26 17:50:09 UTC 2016
Router Log wrote on 2016-11-26 14:10:
> The signing of negative replies from dnssec enabled zones increase the
> size of the zone data an the complexity dns. For the ease of use and
> implementaion would it be a good idea that a dnssec enabled zone could
> signal to a querier that it intends to send unsigned nxdomain replies?
> This mechanism would have to be signed of course.
It's not wise to fight the complexity of a system by adding more
complexity to it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5523 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20161126/ab394e2e/attachment.bin>
More information about the dns-operations
mailing list