[dnssec-deployment] How does it work?

[Mark Andrews]

	The other way to think of this is:  Does DNSSEC have to be
	BETTER than plain DNS with a transfer?  With plain DNS you
	have the zone going dead (server turned off) / returning
	stale data after the NS RRset is changes if the loosing
	nameservers don't have a copy of the new zone.

	DNSSEC doesn't really change anything if the loosing operator
	refuses to play ball.  The zone will go dead.  A transfer is
	slightly more complicated if the loosing operator co-operates
	but it is easy enough to have a check list for them to work
	though.

	Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org