A couple of quick observations:

* The draft says that the answer in a signed zone MAY be unsigned. Since this will ultimately cause a SERVFAIL for validating resolvers, it is not really acceptable.
* The draft does not describe at all what the proper behaviour is for an owner name that has a CNAME record. Since CNAMEs require special handling, this should be addressed. Personally I think the CNAME should be returned in this case.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop