[dnssec-deployment] Deploying DNSSec root in productive enviroment
davidb at verisignlabs.com
Tue Apr 17 14:19:35 EDT 2007
Mark Andrews wrote:
> The problem is that the com servers are not DS aware. Most
> (all?) of the other tlds have at least one DS aware server.
> There is nothing wrong with SERVFAIL being returned for a DS
> query when all the servers are not DS aware.
What? There is certainly something wrong with a SERVFAIL here. Why does
BIND even query the *.gtld-servers.net for a DS?
David Blacka <davidb at verisignlabs.com>
Sr. Engineer VeriSign Infrastructure Product Engineering
More information about the Dnssec-deployment