When a validating resolver queries the parent of a zone for the DS record(s), and the (child) zone is NOT signed, the response contains no answer but it does contain NSEC (NSEC3) record(s) in the authority section together with corresponding RRSIG records (parent zone is signed). Would it be considered ok, harmfull, not allowed, (any other word) to include in that answer the NS RRSET for the child zone (obviously without any RRSIG)?
Against RFC? Not specified? Would it break resolvers? Any or all implementations? What do you think? Thanks. --Pj. Register your .eu domain name and win an iPod touch this X-Mas http://www.winwith.eu _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
