--- Begin Message ---
On 4/21/22 03:15, Mark Andrews wrote:
My main worry is this, correct, cache behaviour breaks DNSSEC validation
through a recursive
server.
Yes, same with Knot Resolver. When communicating with auths directly it
does work I think, but it never worked with forwarding when signed (for us).
Consequently, we know that these breakages don't have significant
practical impact, due to some real-life deployments which default to
forwarding with validation (by Knot Resolver; e.g. Turris).
--Vladimir
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
