> From: Tony Finch <d...@dotat.at> > It is an interesting draft and I can see why the problem concerns you. The > dummy DS is a clever work-around, but it is a pity about the validation bug > in Google public DNS.
Thanks. I'm not sure that the validation error is a bug or not. > I wonder about the possibility of adjusting the rules for caching > delegations. Would it make sense to remember that a referral is insecure for > the lifetime of the NS RRset, instead of the lifetime of the negative DS > answer? This idea requires updating RFC 2308. I'm afraid that when newly registered DS RR will be used if the negative DS answer is cached. -- Kazunori Fujiwara, JPRS <fujiw...@jprs.co.jp> _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop