> From: Robert Moskowitz <[email protected]> > One of my secondaries, though, does not support DNSSEC
How does a secondary authoritative DNS server fail to support DNSSEC? It's not as if it would be doing any signature checking or automagic (re)signing. Does it not tolerate the not at all new RRSIG and NSEC or NSEC3 record types? Or does not not haves EDNS support? In any case, some naming and shaming seems appropriate. Basic DNSSEC support (i.e. maybe not yet TLSA or SMIMEA) is a fundamental checklist item today. Vernon Schryver [email protected] _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
