* prock: > In a DNSSEC compliant world (I know we're not there yet) we need to > give a copy of our DSSET and KEYSET to our parent domain. Please > confirm that is an accurate statement.
Parent zone policies vary. Some require DS RRs, some DNSKEY RRs. Demanding DNSKEY RRs can prolong the life of signature schemes with certain weaknesses (which might be helpful at some point in the future). -- Florian Weimer <fwei...@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
