On 2013-02-17, at 10:37, "Livingood, Jason" <[email protected]> wrote:
> Makes sense to me. So if I added very explicit text to the effect that
> "Negative Trust Anchors MUST NOT be used by host-based DNSSEC validating
> DNS resolvers; this practice only pertains to network-based DNS recursive
> resolvers that multiple hosts query." would that do it?

If there was a way to publish NTAs in the DNS, I would think unbound running on my laptop could behave the same way as unbound running on a stack of servers in a data centre. Whether or not I configure my laptop-resident unbound to look for such NTAs is surely up to me.

I don't really understand the motivation for the MUST NOT above.

Joe
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
