I agree for the consequence of those "cache misses".
But doesnot that mean that RFC4035 needs amended to state :
"remove atomic entry if *all* its RRSIGs get invalid"
(because now it states : any = "at least one")
And it implicitly confirms that these statements in the RFC
do apply to expired RRSIG's in the cache.
You might want to address these questionsto dnsop/dnsex since this
is more a queastion about the RFC then something bind specific.
jaap
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
