% This is an excellent argument for DNSSEC, in my eyes at least. 

        Yup. One of the best.

% Seems there is a to-do list forming here. 
 
% * Get more eyeballs on the BIND 9<some version> failure scenarios with
%   signed root. Can those who reported these speak up? 

        sure.  -caching failures with -0722 master and 9.2.1 cache.
               only the NXT/SIG records are cached.
               -apparent inability of 922rc1 slaves of -0722 masters
                to respond w/ SIG/KEY/NXT RRs from a signed zone.
                (+trace indicates the DNSSEC rrs are available from 
                 -another authoritative server- but dig does not show
                this w/o the trace flag invoked.)
        sam had some other information on resolver behaviour.

% * Fix those issues and get a stable 9.3 out.

        I'd be happy with another public snapshot.

--bill