On Mon, Feb 13, 2012 at 2:31 PM, Tony Finch <d...@dotat.at> wrote: > Florian Weimer <f...@deneb.enyo.de> wrote: > > > > Doesn't the DNSSEC-based mitigation rely on RRSIGs whose validity does > > not extend too far into the future? > > It depends on the TTL of the DS record or its proof of nonexistence. > > Of course, the TTL is also bounded by the expiration of the RRSIG.
Casey
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
