On Mon, 8 Mar 2010, Joe Abley wrote: > > - signing ROOT-SERVERS.NET would result in potentially-harmful large > responses with no increase in security
Can't you deal with this by omitting the root-servers.net RRSIGs from the additional section of responses to queries to the root? Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
