The passage below puzzles me. Why do you want servers to get the root zone from less trusted sources? And why does the source matter if the zone entries are DNSSEC-signed?
Thanks,
Steve

Sent from my iPhone

> On Jul 26, 2018, at 7:33 PM, Mark Andrews <ma...@isc.org> wrote:
>
> Additionally most nameservers treat zone data as fully trusted. This is
> reasonable when you are getting data from a "trusted" source. For the root
> zone we want servers to be able to get a copy of the zone from an untrusted /
> less trusted source.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop