[dnssec-deployment] Deploying DNSSec root in productive enviroment

[David Blacka]

Mark Andrews wrote:

> 	The problem is that the com servers are not DS aware.  Most
> 	(all?) of the other tlds have at least one DS aware server.
> 
> 	There is nothing wrong with SERVFAIL being returned for a DS
> 	query when all the servers are not DS aware.

What? There is certainly something wrong with a SERVFAIL here.  Why does
BIND even query the *.gtld-servers.net for a DS?


-- 
David Blacka                      <davidb at verisignlabs.com>
Sr. Engineer    VeriSign Infrastructure Product Engineering