- in the absence of full signing of the DNS from the root down, just how
many DLV spots must a resolver look in? It seems that proliferation of
DLV lookup points is no better (and arguably much worse) than the
original problem of piecemeal DNSSEC deployment - that of key hunting.
Hopefully only one. You would use IANA's one if you want
to see what the world would be like if the root is signed.
You would use ISC's (or similar) if you want to work around
missing links in the chains of trust.
But that's not one - that's *two* already - and we've really not even
begun to have fun with DLVs yet!
Ietf mailing list