Hi Vladimir, I appreciate your response and it's great to know you validate by default. I apologize for posting to the wrong list.
Best, Henry On Wed, Mar 12, 2025 at 9:14 AM Vladimír Čunát <[email protected]> wrote: > Hello. > On 10/03/2025 17.01, birgelee--- via knot-dns-users wrote: > > This ballot requires compliance with RFCs 4035 (specifically an > implementation of a "security-aware" resolver as defined in Section 4) and > 6840. To the best of my knowledge Knot would be a viable choice for > conforming to this ballot particularly since there is a reference to RFCs > 4035 in the config documentation and 6840 implements several key features of > modern DNSSEC. Given the need for documentable compliance by CAs, a statement > of intended support from the Knot team would be extremely helpful. > > This is about resolvers apparently, so we're slightly off-topic here, as > we have a split [email protected] - but I expect this > thread to be very short. > > Knot Resolver *does support* modern DNSSEC validation, as described in RFC > 4035, 6840, and some others. And we validate by default, etc. > > --Vladimir >
--
