On 7/16/2010 6:36 AM, Alan Clegg wrote: > On 7/16/2010 6:25 AM, Niobos wrote: > >> It's probably just my lack of knowledge, but there seems to be a missing >> RRSIG in the root zone. >> >> I try to securely resolve example.net. I obviously get a delegation >> returned (dig output below), but I can't seem to validate that >> delegation. The delegation itself (and a direct request for net./NS) >> only yield an RRSIG over the NSEC RRset, not over the NS RRset and not >> over the glue A-records (which are in bailiwick, and I have "no other >> way" to resolve them) >> >> Can anyone clarify? > > .net isn't signed, and you don't sign "out-of-zone" data (glue and > delegation NS records). > > What do you mean 'I have "no other way" to resolve them' -- yes, they > are signed, but they seem to resolve just fine.
And, to clarify, "they are not signed"... (it's been a long week, folks). AlanC
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
