[nsd-users] NSD RFC compliance questions (DNSSEC related)

Robert Davidson rmdavidson at gmail.com
Fri Oct 21 11:36:07 UTC 2011


Thanks very much!


On Fri, Oct 21, 2011 at 9:10 PM, Peter Koch <pk at denic.de> wrote:

> On Fri, Oct 21, 2011 at 09:47:37AM +0200, Matthijs Mekking wrote:
>
> > > RFC 4470 Minimally Covering NSEC Records and DNSSEC On-line Signing
> >
> > No: NSD does not do signing.
>
> it might be helpful to the initial poster to know that, even though
> RFC 4470 (with amendments in RFC 4471) is on IETF Standards Track,
> it is to be considered an optional part of the DNSSEC protocol suite.
> This was to address the zone enumeration problem back in the day when
> NSEC3 (now in RFC 5155) was not yet fully specified, let alone implemented.
> Both methods address the same problem from different angles and
> have their pros and cons. With NSEC3 in use with various TLDs,
> tools and validators today can be expected to understand this
> extension (and NSD implements RFC 5155 on the authoritative server
> side).
>
> If the list of RFCs originated from a 3rd party checklist, I'd be
> interested in learning about the background.
>
> -Peter
>



-- 
Regards,
Robert Davidson.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20111021/1f25fd9f/attachment.htm>


More information about the nsd-users mailing list