[DNSOP] Review of draft-ietf-dnsop-rfc4641bis-02

2010-03-17 Thread Andrew Sullivan
Dear colleagues, I have reviewed draft-ietf-dnsop-rfc4641bis-02. These are my comments. First, I think the draft is largely in good shape, but there remain some substantive issues in it that I think require work. I do not think there is enough current practice on the Internet to target BCP

Re: [DNSOP] Review of draft-ietf-dnsop-rfc4641bis-02

2010-03-17 Thread Paul Wouters
On Wed, 17 Mar 2010, Andrew Sullivan wrote: I think this should be changed to: "The same operational concerns apply to the rollover of KSKs that are used as trust-anchors." But remember: if a trust anchor replacement is done incorrectly, and there is no other trust path to the zone or

Re: [DNSOP] Review of draft-ietf-dnsop-rfc4641bis-02

2010-03-17 Thread Andrew Sullivan
On Wed, Mar 17, 2010 at 03:51:42PM -0400, Paul Wouters wrote: I think currently, a wrong DS trumps an updated DLV, but I have not tested this recently on either bind or unbound. Is it specified anywhere else what the expected behaviour is? Good point. No, I have no idea. A -- Andrew

Re: [DNSOP] Review of draft-ietf-dnsop-rfc4641bis-02

2010-03-17 Thread Edward Lewis
At 15:51 -0400 3/17/10, Paul Wouters wrote: I think currently, a wrong DS trumps an updated DLV, but I have not tested this recently on either bind or unbound. Is it specified anywhere else what the expected behaviour is? Local policy trumps all. For instance in RFC 4035: #4.9.3. Handling