On Thu, Nov 27, 2008 at 03:52:50PM -0500,
Steve Crocker <steve(_at_)shinkuro(_dot_)com> wrote
a message of 161 lines which said:
the intent is to simply include the DNSSEC-compliant recursive
resolver in the standard DHCP configuration during the plenary.
That is, during the plenary, DHCP responses will include the
DNSSEC-compliant recursive resolver. Even though the normal DNS
requests will thus go through the DNSSEC-compliant recursive
resolver, the end system will see no difference unless the end
system asks for a a signed response.
Hold on, you mean the recursive resolver will NOT validate by default?
If so, this is not an experiment, this is MUCH LESS than what many
people on this list already do every day (having a recursive resolver
which validates even without any specific request).
% dig A futuredate-A.newzsk-ns.test.dnssec-tools.org
; <<>> DiG 9.5.0-P2 <<>> A futuredate-A.newzsk-ns.test.dnssec-tools.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57934
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf