In article <[email protected]> you write: >> On Nov 3, 2020, at 8:19 PM, John Levine <[email protected]> wrote: >> >> I grepped through the downloaded contracted zone files for signed A >> and AAAA records and found over 32,000 of them in over 200 TLDs. The >> list of TLDs and counts are below, or you can find the whole set at >> https://www.iecc.com/signedglue.txt > >Perhaps the count could be broadened? That is, a count of RRSIGs for all >*non-apex* RRtypes other than DS, NSEC or NSEC3? In a delegation-only >zone one would generally not expect to find much besides NS, DS and RRSIG >and NSEC(3) RRs, with the NS RRs and glue A RRs unsigned.
I poked around and agree with you that there isn't much other than A and AAAA signed glue-ish records. There's a few SRV records. I don't think any TLD other than .biz has CNAMEs. There are a lot of MX in .NAME which is a rather peculiar TLD. But as I said in November, there is a lot of signed glue, it is not going away, and this draft does not match reality. Nothing has changed and I don't see any reason to waste more time with it. R's, John _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
