Darcy Kevin (FCA) <kevin.da...@fcagroup.com> wrote: > My understanding is that the "extra" stuff wouldn't have any signature > at all.
I'm not sure if the question was that well specified :-) > Wouldn't that break DNSSEC if the rest of the response had signatures? > Or does the DNSSEC-validation algorithm support "hybrid" responses like > that? I believe BIND works more like the latter but unbound works more like the former. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode Bailey: Variable becoming southeast 3 or 4, increasing 5 or 6. Slight or moderate. Rain later in southwest. Good. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
