Hi,
I have, in the past, used the "conservative" approach to performing
algorithm rollovers for various domains. For many domains, this is
probably overkill, but I'd prefer to have the option of doing it,
especially for those mission-critical domains where you really don't
want to rely simpl
Michael,
there has never been needed to pre-publish RRSIGs because the DNS is
a loosely coherent system and from outside you can’t determine which DNSKEY
RRset signed which other RRset. There is only one regularly lookup where you
can determine whether the RRset is signed by all the algori
2 matches
Mail list logo
