On 7/16/2010 6:25 AM, Niobos wrote: > It's probably just my lack of knowledge, but there seems to be a missing > RRSIG in the root zone. > > I try to securely resolve example.net. I obviously get a delegation > returned (dig output below), but I can't seem to validate that > delegation. The delegation itself (and a direct request for net./NS) > only yield an RRSIG over the NSEC RRset, not over the NS RRset and not > over the glue A-records (which are in bailiwick, and I have "no other > way" to resolve them) > > Can anyone clarify?
.net isn't signed, and you don't sign "out-of-zone" data (glue and delegation NS records). What do you mean 'I have "no other way" to resolve them' -- yes, they are signed, but they seem to resolve just fine. AlanC
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
