Admittedly miss configured but unbound validates www.secure64.com <http://www.secure64.com/> when a revoked DNSKEY is used as a trust anchor, see attached unbound.conf.
Isn't that a violation of 5011 section 2.1? "Once the resolver sees the REVOKE bit, it MUST NOT use this key as a trust anchor or for any other purpose" /Stephan ---------------------------------------------------------------------- Stephan Lagerholm Senior DNS Architect, M.Sc. ,CISSP Secure64 Software Corporation, www.secure64.com Cell: 469-834-3940
unbound.conf
Description: unbound.conf
_______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
