Hi, I realise that the focus of the document is on serving authoritative DNS information. However, could it say a bit more about validator operators?
In particular, is there any good reason why validators should ever have their TA configured in a non-RFC5011 state (i.e. using trusted-keys clause in BIND or trust-anchor-file or trust-anchor clauses in Unbound)? Since there is no RFC5011 signalling mechanism, validator operators should always assume that the TA may be under RFC5011 control and always use the managed-keys clause in BIND or auto-trust-anchor-file clause in Unbound. Or am I missing something?

John

On 31 Oct 2011, at 10:33, [email protected] wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts
> directories. This draft is a work item of the Domain Name System Operations
> Working Group of the IETF.
>
> Title : DNSSEC Operational Practices, Version 2
> Author(s) : Olaf M. Kolkman
>             W. (Matthijs) Mekking

---
[email protected]

Sinodun Internet Technologies Ltd.
Stables 4, Suite 11, Howbery Park,
Wallingford, Oxfordshire, OX10 8BA, U.K.
+44 (0)1491 834957

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
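An added example, not part of the original message: a small audit that reports whether a validator configuration uses the static directives or the RFC5011-managed directives named above. The function name `trust_anchor_mode`, the sample configurations, key material and file paths are constructed for illustration; included files are not followed.

```python
import re

# Directive names are the ones in the message above; everything else is assumed.
STATIC = {"bind": {"trusted-keys"}, "unbound": {"trust-anchor-file", "trust-anchor"}}
MANAGED = {"bind": {"managed-keys"}, "unbound": {"auto-trust-anchor-file"}}

# Quoted strings are matched first so "//" or "#" inside key data is not
# mistaken for a comment; comments are then blanked out.
TOKENS = {
    "bind": re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S),
    "unbound": re.compile(r'"[^"\n]*"|#[^\n]*'),
}
# BIND clauses are "name {"; Unbound options are "name:" at the start of a line.
NAMES = {
    "bind": re.compile(r"(?<![\w-])([a-z][a-z-]*)\s*\{"),
    "unbound": re.compile(r"^\s*([a-z][a-z-]*)\s*:", re.M),
}

def trust_anchor_mode(text, kind):
    """Return (status, directives); status is static, managed, mixed or none."""
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    active = TOKENS[kind].sub(keep_strings, text)
    found = set(NAMES[kind].findall(active))
    static, managed = found & STATIC[kind], found & MANAGED[kind]
    status = ("mixed" if static and managed else "static" if static
              else "managed" if managed else "none")
    return status, sorted(static | managed)

# Constructed sample configurations (key material and paths are placeholders).
BIND_STATIC = '''options { dnssec-validation yes; };
/* managed-keys { . initial-key 257 3 8 "OLD"; }; */
trusted-keys { . 257 3 8 "PLACEHOLDER//KEY"; };
'''
BIND_MANAGED = '''managed-keys { . initial-key 257 3 8 "PLACEHOLDER"; };
// trusted-keys { . 257 3 8 "OLD"; };
'''
UNBOUND_STATIC = '''server:
    trust-anchor-file: "/etc/unbound/root.key"
    # auto-trust-anchor-file: "/var/lib/unbound/root.key"
'''
UNBOUND_MIXED = '''server:
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    trust-anchor: ". DS 0 8 2 PLACEHOLDER"
'''

if __name__ == "__main__":
    for name, cfg, kind in [("bind-static", BIND_STATIC, "bind"),
                            ("unbound-mixed", UNBOUND_MIXED, "unbound")]:
        print(name, trust_anchor_mode(cfg, kind))
```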
