Viktor Dukhovni writes: > On Sat, Feb 07, 2015 at 04:24:33PM +0100, Jan V?el?k wrote: > > > The BIND developers claim, that the behavior of BIND is correct. > > > > The upstream resolver (BIND) has DLV disabled and therefore uses > > a subset of trust anchors my local resolver (Unbound) uses. And the zone > > is insecure from the BIND's point of view. > > > > Ignoring the fact, that BIND adds NS records into authority from no > > reason, omitting the NS RRSIGs is probably justifiable. > > I think this is another good reason to stop using DLV.
Apparenlty there are plans to do so. There will be a talk about it at ICANN-52 (See <http://singapore52.icann.org/en/schedule/mon-tech/agenda-ccnso-tech-09feb15-en.pdf>.) jaap _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
