In message <alpine.lsu.2.00.1302171800460....@hermes-1.csi.cam.ac.uk>, Tony Fin ch writes: > Vernon Schryver <v...@rhyolite.com> wrote: > > > > How does a secondary authoritative DNS server fail to support DNSSEC? > > A security-aware authoritative server has to support: > > * EDNS0 and DO > * RRSIG records alongside the RRsets they cover in responses > * Special logic for DS in parent zones > * NSEC or NSEC3 in negative and wildcard responses
Well that's been available for 8 years now. Even Microsoft support it in their servers. NSEC3 support has been available for 4 years. It's hard to find servers that don't support DNSSEC out of the box these days. > Tony. > -- > f.anthony.n.finch <d...@dotat.at> http://dotat.at/ > Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. > Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, > occasionally poor at first. > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
