> -----Original Message----- > From: Evan Hunt [mailto:e...@isc.org] > > On Thu, Mar 30, 2017 at 06:25:28PM +0000, Woodworth, John R wrote: > > I was under the impression DNSSEC fixed problems with integrity, > > not inconsistency. > > There's an expectation that the DNS will only be loosely coherent, > but the same serial number should have the same answers, and an >
Hi Evan, Thanks again for your feedback. > > NSEC/NSEC3 proving nonexistence of an answer at one auth server > is going be problematic if there is a positive answer from another. > Agreed but I feel the degree of "problematic" may be being overstated. "If" a zone admin is aware of this limitation and "if" that zone admin chooses to move forward with deployment to a set of nameservers with a mix of capabilities despite the "ifs" where is the problem? A majority of early adopters will likely either be comfortable with this limitation or ensure it will not impact them. Thanks, John > > -- > Evan Hunt -- e...@isc.org > Internet Systems Consortium, Inc. > -- THESE ARE THE DROIDS TO WHOM I REFER: This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
