On Tue, Jun 01, 2010 at 06:55:14AM -0700,
 Heavy Man <heavyma...@yahoo.com> wrote 
 a message of 61 lines which said:

> I understand the root zones are currently getting signed

There is only one root zone...

> Just for sanity's sake, should I be able to DIG +dnssec
> a.gtld-servers.net and be able to see an RRSIG record

No, because a.gtld-servers.net is in an unsigned domain.

> (assume I have a valid dnssec recursive name server with a valid
> trust anchor configured). 

That's not the point.

> I understand DNS is public information but why wouldn't the root be
> signed using nsec3 versus nsec?

Because the root is well-known and available in many ways (FTP, AXFR,
IANA Web site, etc).
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
