To:
Shane Kerr <shane@ripe.net>
Cc:
Robert Elz <kre@munnari.OZ.AU>, Alain Durand <Alain.Durand@sun.com>, ggm@apnic.net, dnsop@cafax.se
From:
Jim Reid <Jim.Reid@nominum.com>
Date:
Fri, 28 Jun 2002 03:55:40 -0700
In-Reply-To:
Message from Shane Kerr <shane@ripe.net> of "Fri, 28 Jun 2002 11:58:41 +0200." <20020628095841.GF16776@x17.ripe.net>
Sender:
owner-dnsop@cafax.se
Subject:
Re: draft-durand-ngtrans-dns-issues-00.txt
>>>>> "Shane" == Shane Kerr <shane@ripe.net> writes:

    >> No. While technically they're allowed, they make no sense to
    >> actually use. PTR records (for this purpose) are useful only
    >> if there's some way to verify them.

    Shane> It's also not clear to me how a wildcard PTR is different
    Shane> from (or better than) a NS record.

Well as someone already said, signing wildcard RRs can't be done
easily (if at all) with DNSSEC. "Here's a SIG record for the name that
you looked up even though that name doesn't exist and only matches a
wildcard." At least the NS record(s) and the delegation of the zone
they serve can be signed.