On 27/09/2022 3:58 am, Benny Pedersen wrote:
imho dnssec-validation auto; have a bug as it validates domains
without DS set
hope bind developpers can confirm or deny it
Hi Benny.
Until DS records are published in the parent zone, the (signed) zone is
considered 'insecure', and validation doesn't occur. i.e. The behaviour
you described above is how it is supposed to work.
Nick.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
