[dnssec-deployment] Deploying DNSSec root in productive enviroment

David Blacka davidb at verisignlabs.com
Tue Apr 17 14:19:35 EDT 2007

Mark Andrews wrote:

> 	The problem is that the com servers are not DS aware.  Most
> 	(all?) of the other tlds have at least one DS aware server.
> 	There is nothing wrong with SERVFAIL being returned for a DS
> 	query when all the servers are not DS aware.

What? There is certainly something wrong with a SERVFAIL here.  Why does
BIND even query the *.gtld-servers.net for a DS?

David Blacka                      <davidb at verisignlabs.com>
Sr. Engineer    VeriSign Infrastructure Product Engineering

More information about the Dnssec-deployment mailing list