To: Paul Vixie <paul@vix.com>
cc: namedroppers@ops.ietf.org, <dnssec@cafax.se>
From: Brian Wellington <Brian.Wellington@nominum.com>
Date: Tue, 17 Sep 2002 14:05:00 -0700 (PDT)
In-Reply-To: <20020917173031.6A75228B01@as.vix.com>
Sender: owner-dnssec@cafax.se
Subject: Re: DS and the deployed base
On Tue, 17 Sep 2002, Paul Vixie wrote:

> > So, my problem appears to be a bug when querying the Root with a bind
> > 9.2.1 Recursive DNS Server.
> >
> > I now upgraded to 9.3.0s20020722 and I get the proper answers:
> >
> > Does this indicate that the "flag-day" may have much
> > broader impact than one might have originally thought?
>
> according to published reports, bind8 is the most popular dns implementation
> now in use, followed by bind4, followed by microsoft. the fact that an
> interim bind9 release didn't handle NXT RR's correctly is of very little
> significance, since people who run bind9 at all are very susceptible to
> upgrading it when they hear that a new release is available.

This isn't a problem of not handling NXT records correctly. The problem is
that with DS, referrals to unsigned delegations contain NXT records. A
response with an empty answer section and NXT records in the authority
section looks a lot more like a negative response than a referral to a
server that doesn't speak DS.

Brian
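
The ambiguity described in the message above, as an added example that is not part of the original post and is not BIND's code. The response model, both classifier functions and the sample records are constructed for illustration; the pre-DS heuristic is an assumption about how a resolver might read NXT in the authority section.

```python
from collections import namedtuple

# Simplified response model; records are (owner, type) pairs.
Response = namedtuple("Response", "rcode answer authority")

def _types(section):
    return {rtype for _owner, rtype in section}

def classify_pre_ds(resp):
    """Hypothetical pre-DS heuristic (an assumption, not BIND's logic):
    an empty answer with NXT or SOA in authority is a denial of existence."""
    auth = _types(resp.authority)
    if resp.answer:
        return "answer"
    if resp.rcode == "NXDOMAIN" or auth & {"SOA", "NXT"}:
        return "negative"
    return "referral" if "NS" in auth else "unknown"

def classify_ds_aware(resp, qname):
    """DS-aware reading: NS at or above qname without SOA is a referral;
    NXT at the same owner only proves that no DS exists there."""
    auth = _types(resp.authority)
    if resp.answer:
        return "answer"
    if resp.rcode == "NXDOMAIN" or "SOA" in auth:
        return "negative"
    cuts = [o for o, t in resp.authority if t == "NS"
            and (o == "." or qname == o or qname.endswith("." + o))]
    if not cuts:
        return "unknown"
    at_cut = {t for o, t in resp.authority if o == cuts[0]}
    if "DS" in at_cut:
        return "referral-signed"
    return "referral-unsigned" if "NXT" in at_cut else "referral"

# Constructed sample responses for the query "www.example.com. A".
UNSIGNED_REFERRAL = Response("NOERROR", [], [
    ("example.com.", "NS"), ("example.com.", "NXT"), ("example.com.", "SIG")])
NODATA = Response("NOERROR", [], [
    ("example.com.", "SOA"), ("www.example.com.", "NXT"),
    ("www.example.com.", "SIG")])
PLAIN_REFERRAL = Response("NOERROR", [], [("example.com.", "NS")])

if __name__ == "__main__":
    for name, r in [("unsigned referral", UNSIGNED_REFERRAL),
                    ("NODATA", NODATA), ("plain referral", PLAIN_REFERRAL)]:
        print(name, classify_pre_ds(r), classify_ds_aware(r, "www.example.com."))
```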