On Thu, 16 Jul 2009, Mark Andrews wrote:
How would this work?With portals that are only available to internal servers you are grafting on namespace and you configure your validator to know about it and potentially not validate that namespace. zone "portal.isp.com" { type forward; forward only; forwarders { ISP'r recursive servers; }; }; this is really no different to internal namespace.
The problem is not resolving portal.isp.com. The problem is that mail.xelerance.com "resolves" to portal.isp.com, but never makes it because my validating stub resolver has a DNSSEC key loaded for xelerance.com. A problem that in the future will become worse when the majority of the domains (and the root) is signed. Paul _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
