[dns-operations] negative dnssec replies
Florian Weimer
fw at deneb.enyo.de
Sun Nov 27 15:48:47 UTC 2016
* Router Log:
> The signing of negative replies from dnssec enabled zones increases the size
> of the zone data and the complexity of dns. For the ease of use and
> implementation would it be a good idea that a dnssec enabled zone could
> signal to a querier that it intends to send unsigned nxdomain replies? This
> mechanism would have to be signed of course.
Doesn't the NSEC3 opt-out mechanism achieve pretty much something like
this?