[nsd-users] NSD RFC compliance questions (DNSSEC related)
rmdavidson at gmail.com
Fri Oct 21 11:36:07 UTC 2011
Thanks very much!
On Fri, Oct 21, 2011 at 9:10 PM, Peter Koch <pk at denic.de> wrote:
> On Fri, Oct 21, 2011 at 09:47:37AM +0200, Matthijs Mekking wrote:
> > > RFC 4470 Minimally Covering NSEC Records and DNSSEC On-line Signing
> > No: NSD does not do signing.
> it might be helpful to the initial poster to know that, even though
> RFC 4470 (with amendments in RFC 4471) is on IETF Standards Track,
> it is to be considered an optional part of the DNSSEC protocol suite.
> This was to address the zone enumeration problem back in the day when
> NSEC3 (now in RFC 5155) was not yet fully specified, let alone implemented.
> Both methods address the same problem from different angles and
> have their pros and cons. With NSEC3 in use with various TLDs,
> tools and validators today can be expected to understand this
> extension (and NSD implements RFC 5155 on the authoritative server
> If the list of RFCs originated from a 3rd party checklist, I'd be
> interested in learning about the background.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nsd-users