Op 25-04-18 om 07:33 schreef Viktor Dukhovni: > The following is a TLSA RRset denial-of-existence example: > > example.com. IN SOA > RRSIG(example.com. SOA) > example.com. IN NSEC www.example.com. SOA NS MX A RRSIG NSEC
Hopefully the DNSKEY rrtype is included in this NSEC too :), so: example.com. IN NSEC www.example.com. A NS SOA MX RRSIG NSEC DNSKEY > RRSIG(example.com. NSEC) > example.com. DNSKEY > RRSIG(example.com. DNSKEY) > example.com. DS > RRSIG(example.com. DS) > com. DNSKEY > RRSIG(com. DNSKEY) > com. DS > RRSIG(com. DS) > . DNSKEY > RRSIG(. DNSKEY) _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
