

To: Miek Gieben <miekg@nlnetlabs.nl>
cc: dnsop@cafax.se
From: Mats Dufberg <dufberg@nic-se.se>
Date: Wed, 11 Oct 2000 12:35:45 +0200 (CEST)
In-Reply-To: <20001011112242.A27943@open.nlnetlabs.nl>
Sender: owner-dnsop@cafax.se
Subject: Re: DNSSEC and child sigs

On Wed, 11 Oct 2000, Miek Gieben wrote:

> We can identify the following situations:
> 
>                             A         B       C          D
>   parent has ..         |key+sig  |key+sig|   -      |key+sig  |
>   child has             |key+sig  |key    |key+sig   |   -     |
>   ----------------------+---------+-------+----------+---------|
(...)
> It seems that D is the most optimum and B also ranks high, but we see
> that bind9 uses either A or C. Why?

Data in the delegation point, and below, belongs to the child zone. Any
data in the parent zone (NS, A/glue) are actually copies of data in the
child zone (parent is not authoritative for that data). NXT is an
exception (where you have two different in the same node), but KEY and
SIG are not, as far as I know.


Mats

-----------------------------------------------------------------
Mats Dufberg                                    dufberg@nic-se.se
NIC-SE                                           +46-8-545 857 06
Box 5774                                    fax: +46-8-545 857 29
SE-114 87 Stockholm                         http://www.nic-se.se/


