In message <[email protected]>, Tony Finch writes:
> Vernon Schryver <[email protected]> wrote:
> >
> > How does a secondary authoritative DNS server fail to support DNSSEC?
> 
> A security-aware authoritative server has to support:
> 
> * EDNS0 and DO
> * RRSIG records alongside the RRsets they cover in responses
> * Special logic for DS in parent zones
> * NSEC or NSEC3 in negative and wildcard responses

Well that's been available for 8 years now.  Even Microsoft support
it in their servers.  NSEC3 support has been available for 4 years.
It's hard to find servers that don't support DNSSEC out of the box
these days.

> Tony.
> -- 
> f.anthony.n.finch  <[email protected]>  http://dotat.at/
> Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
> Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
> occasionally poor at first.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>  from this list
> 
> bind-users mailing list
> [email protected]
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [email protected]
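
An added example, not part of either poster's message: one way to check the first two items in the quoted list (EDNS0 with DO, and RRSIG records alongside the RRset they cover) from the wire format of a server's response. The helper names and the example.com reply bytes are constructed here for illustration; sending the query to a real secondary is left to the caller.

```python
import struct

A, OPT, RRSIG, DO_BIT = 1, 41, 46, 0x8000   # RR types and the EDNS0 DO flag

def encode_name(name):
    """Encode a domain name as uncompressed wire-format labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l) + b"\x00"

def rr(rtype, rdata, owner=b"\xc0\x0c", klass=1, ttl=300):
    """One resource record; the default owner is a pointer to the question name."""
    return owner + struct.pack("!HHIH", rtype, klass, ttl, len(rdata)) + rdata

def build_query(name, qtype, msg_id=0x1234):
    """Query carrying an OPT record (EDNS0) whose DO bit asks for DNSSEC records."""
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = rr(OPT, b"", owner=b"\x00", klass=1232, ttl=DO_BIT)  # class = UDP size, TTL = flags
    return struct.pack("!6H", msg_id, 0, 1, 0, 0, 1) + question + opt

def skip_name(msg, off):
    """Return the offset just past a possibly compressed name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def dnssec_features(msg, qtype):
    """Report which DNSSEC behaviours a response to build_query() shows."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    seen = {"edns0": False, "do_echoed": False, "rrsig_covers_answer": False}
    for i in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == OPT:
            seen["edns0"], seen["do_echoed"] = True, bool(ttl & DO_BIT)
        elif rtype == RRSIG and i < an:
            seen["rrsig_covers_answer"] |= struct.unpack_from("!H", msg, off)[0] == qtype
        off += rdlen
    return seen

def sample_response(signed):
    """Constructed reply for example.com A, with or without DNSSEC support."""
    question = build_query("example.com", A)[12:-11]
    answer = rr(A, bytes([192, 0, 2, 1]))
    if not signed:  # server ignores EDNS0: no OPT, no RRSIG
        return struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0) + question + answer
    sig = rr(RRSIG, struct.pack("!HBBIIIH", A, 8, 2, 300, 0, 0, 1)
             + encode_name("example.com") + b"\x00" * 8)  # dummy signature bytes
    opt = rr(OPT, b"", owner=b"\x00", klass=1232, ttl=DO_BIT)
    return struct.pack("!6H", 0x1234, 0x8400, 1, 2, 0, 1) + question + answer + sig + opt
```

The check only looks for the presence of the records; it does not validate the signature, and it does not exercise the DS or NSEC/NSEC3 items in the list.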