On Mon, Feb 13, 2012 at 2:31 PM, Tony Finch <[email protected]> wrote: > Florian Weimer <[email protected]> wrote: > > > > Doesn't the DNSSEC-based mitigation rely on RRSIGs whose validity does > > not extend too far into the future? > > It depends on the TTL of the DS record or its proof of nonexistence. > > Of course, the TTL is also bounded by the expiration of the RRSIG.
Casey
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
