> I think you mean if you receive a BOGUS validation result (e.g. missing
> RRSIG records, or otherwise are not getting the records needed for proof
> of non-existence or signatures). In that case, I think the existing
> DNS protocol already tells you to try other servers?

According to RFC4035 section 5.5, there is no retry to other servers.

> This looks exactly like what the ADD working group is working on?

Thanks. I will check that.

> The only difference is instead of preferring some more private
> mechanism, you only prefer the more private mechanism upon some
> failure case?

I prefer current infrastructure already deployed.

Davey
