To: Miek Gieben <miekg@nlnetlabs.nl>
cc: dnsop@cafax.se
From: Mats Dufberg <dufberg@nic-se.se>
Date: Wed, 11 Oct 2000 12:35:45 +0200 (CEST)
In-Reply-To: <20001011112242.A27943@open.nlnetlabs.nl>
Sender: owner-dnsop@cafax.se
Subject: Re: DNSSEC and child sigs

On Wed, 11 Oct 2000, Miek Gieben wrote:

> We can identify the following situations:
>
>                        A         B       C          D
> parent has ..         |key+sig  |key+sig| -        |key+sig  |
> child has             |key+sig  |key    |key+sig   | -       |
> ----------------------+---------+-------+----------+---------|
(...)
> It seems that D is the most optimum and B also ranks high, but we see
> that bind9 uses either A or C. Why?

Data in the delegation point, and below, belongs to the child zone. Any
data in the parent zone (NS, A/glue) are actually copies of data in the
child zone (parent is not authoritative for that data). NXT is an
exception (where you have two different in the same node), but KEY and
SIG are not, as far as I know.


Mats

-----------------------------------------------------------------
Mats Dufberg                                    dufberg@nic-se.se
NIC-SE                                           +46-8-545 857 06
Box 5774                                    fax: +46-8-545 857 29
SE-114 87 Stockholm                         http://www.nic-se.se/
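
The ownership rule described in the reply above, as an added example that is not part of the original message or of any DNS implementation: it classifies records held in a parent zone as the parent's own data or as copies of child data, treating NXT as the only parent-owned type at a delegation point. The function names, the `example.` origin and the sample records are constructed for illustration.

```python
# Added illustration of the rule in the reply; all names and records are constructed.
PARENT_OWNED_AT_CUT = {"NXT"}  # the one exception the reply names


def labels(name):
    """Split a domain name into lower-cased labels, ignoring the trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def is_subdomain(name, ancestor):
    """True when name equals ancestor or lies below it.

    Compared label by label: 'notchild.example.' ends with the string
    'child.example.' but is not inside that delegation.
    """
    n, a = labels(name), labels(ancestor)
    return len(n) >= len(a) and (not a or n[-len(a):] == a)


def classify(owner, rrtype, origin, cuts):
    """Say whose data (owner, rrtype) is, as seen from the parent zone.

    'parent'      : the parent zone is authoritative for it
    'child-copy'  : held in the parent, but a copy of child-zone data
    'out-of-zone' : not under the parent's origin at all
    """
    if not is_subdomain(owner, origin):
        return "out-of-zone"
    for cut in cuts:
        if is_subdomain(owner, cut):
            at_cut = labels(owner) == labels(cut)
            if at_cut and rrtype.upper() in PARENT_OWNED_AT_CUT:
                return "parent"
            return "child-copy"  # NS, glue, and (per the reply) KEY
    return "parent"


if __name__ == "__main__":
    origin, cuts = "example.", ["child.example."]
    sample = [  # constructed records held in the parent zone file
        ("example.", "SOA"), ("child.example.", "NS"),
        ("child.example.", "NXT"), ("child.example.", "KEY"),
        ("ns.child.example.", "A"), ("notchild.example.", "A"),
    ]
    for owner, rrtype in sample:
        print(f"{owner:20} {rrtype:4} {classify(owner, rrtype, origin, cuts)}")
```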