On Wed, Aug 18, 2010 at 10:55 AM, Dave Sparro <dspa...@gmail.com> wrote:
> It seems to me that the OP wanted a work-around to the fact that his end
> users couldn't use the website due to a validation failure.
> It still seems to me that working around that situation misses the point of
> using DNSSEC.

I read your response only in the context of the quoted text and didn't notice the text from the original post asking if there was a BIND work-around. Hence my lengthy discourse on insecure delegation...

Regarding the "work-around", I'm not sure how BIND's "keep trying" algorithm is currently implemented and if it induces queries to other servers to find NSEC/NSEC3 RRs if they aren't present in the first response accompanying an NXDOMAIN or authoritative response with empty answer section.

Regards,
Casey