[dnssec-deployment] How does it work?
marka at isc.org
Mon Jun 29 11:02:37 EDT 2009
The other way to think of this is: Does DNSSEC have to be
BETTER than plain DNS with a transfer? With plain DNS you
have the zone going dead (server turned off) / returning
stale data after the NS RRset is changes if the loosing
nameservers don't have a copy of the new zone.
DNSSEC doesn't really change anything if the loosing operator
refuses to play ball. The zone will go dead. A transfer is
slightly more complicated if the loosing operator co-operates
but it is easy enough to have a check list for them to work
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the Dnssec-deployment