Cathy Zhang <zhangclca...@gmail.com> wrote: > # Check direct query for RRSIG: If it's not cached with other records, > # it should result in an empty response. > > Why shouldn't recursive server return RRSIG RRs to the client?
An RRSIG is part of the RRset that it signs, and the whole thing must travel together as a unit. If you fetch the signature and the signed records separately, you are likely to encounter a spurious mismatch when the authoritative data changes. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Portland, Plymouth, Northwest Biscay: Southerly or southwesterly 4 or 5, increasing 5 to 7 later. Slight or moderate. Rain or showers. Moderate or good, occasionally poor. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
