On Thu, Mar 30, 2017 at 06:25:28PM +0000, Woodworth, John R wrote:
> I was under the impression DNSSEC fixed problems with integrity,
> not inconsistency.

There's an expectation that the DNS will only be loosely coherent, but the same serial number should have the same answers, and an NSEC/NSEC3 proving nonexistence of an answer at one auth server is going to be problematic if there is a positive answer from another.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.