--- Begin Message ---
Dave Knight wrote:-
>> all you can validate is the NS set. The host records cannot be validated
>> because root-servers.net is not signed.
>
>Good point!
>
>They're still used to replace what was provided in the root.hints after the
>priming response is received though.
Without wishing to ask a really stupid question, is there any reason why
root-servers.net is not DNSSEC signed?
Would signing it provide any additional security?
--
Best wishes,
Matthew
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations