> In message <4de43e3e.2040...@chrysler.com>, Kevin Darcy writes:
> > Normally I'd defer to your vastly greater knowledge and experience in
> > DNSSEC, but here in the U.S. we have a saying "I'm from Missouri", which
> > is a roundabout way of expressing "show me" ("Show Me" being the
> > unofficial slogan of the state of Missouri). Maybe it *should* work, but
> > when it comes to nifty technical hacks, until co-existence is actually
> > demonstrated, I still think there might be a gotcha somewhere...
On 31.05.11 11:33, Mark Andrews wrote:
> This happens all the time whenever a signed zone content changes.
> You have different servers returning different answers for the same
> query all of which can be validated as secure. DNSSEC requires
> that the data and signature pass through the system as a atomic
> unit. DNSSEC aware servers and resolvers keep this data together.
> If you don't things break.
>
> DNS Race just keeps the answers permanently out of sync instead of
> the temporary condition that happens with normal updates.
This problem could be avoided by providing the same data, but differently
sorted, correct?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
