On 31/10/2017 14:34, Tony Finch wrote:
> It's NXDOMAIN. (It'll also fall foul of RFCs 8020 and 8198.)
>
> The problem occurs if you have a validator behind a cache. The cache will
> prevent downstream id._ta. queries from reaching the root, so any
> downstream trust anchor variation will be lost.

Right, but if it's _defined_ to be an ENT instead (with NOERROR) then
that problem shouldn't arise?

In any event, for the proposed new mechanism the queries don't reach
the root, they're handled internally within the resolver.

Ray

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop