Its my understanding that EDNS is going to be required to exchange keys
properly for DNSSEC. Am I wrong? Is EDNS going to be a requirement in
the future?
Thanks in advance,
Curtis
On 3/18/2010 8:40 PM, Michael Fincham wrote:
Hi Bert,
Thanks for the expedient and comprehensive reply.
On
Just to clarify, EDNS for DNSSEC is only a requirement for:
1) high performance DNSSEC operation, or
2) DNSSEC operation in case TCP/IP is not available.
In an understandable effort to make the world safe for DNSSEC, BIND has
been sending DNSSEC-enabled questions *by default* for a long time