Paul Vixie <[email protected]> wrote: > > dan kaminsky proposed several years ago that a stub be able to request, > by EDNS, the full RRSIG/DNSKEY/DS chain from the qname upward to some > specified TA, to permit stub validation without requiring a stub cache > or to spend many round trips on a validation.
You can do that with the current DNS protocol: just send all the queries and wait for all the replies. (This is particularly easy over TCP.) There's no need for more than one round trip in most cases, or maybe two if the answer involves CNAME/MX/SRV etc. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Southeast Iceland: Southerly veering southwesterly 7 to severe gale 9, occasionally storm 10 for a time in northwest. Rough or very rough, becoming high. Rain then wintry showers. Moderate, occasionally poor. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
