Hi Andrew, On 3/7/25 21:28, Andrew Sullivan wrote:
I cannot think of a case where promises about the completeness of the RRSET for a given name and type are made except I suppose in zone transfers.
Validation of DNSSEC signatures requires that, so I'd say it's reasonable to expect DNSSEC-aware nameservers to deliver complete RRsets only (and if you set the DO bit, it should be pretty much guaranteed). Cheers, Peter -- Like our community service? 💛 Please consider donating at https://desec.io/ deSEC e.V. Möckernstraße 74 10965 Berlin Germany Vorstandsvorsitz: Nils Wisiol Registergericht: AG Berlin (Charlottenburg) VR 37525 _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
