ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Last Call comment on draft-weiler-dnssec-dlv-iana-00.txt

2007-08-29 16:25:32
from [Mark Andrews] [Permanent Link] 


Mark,

On Aug 29, 2007, at 3:24 PM, Mark Andrews wrote:

    The DLV operators only need this information up until the
    root is signed.  Once the root is signed the root's DLV will
    go in and these will be removed.


If the root gets signed and you remove the DLV stuff, won't you break  
any caching resolver that still has the DLV trust anchor configured?

Regards,
-drc


        No.  Please re-read the quoted paragraph.  The root's DLV
        will be there.

        You only need DLV records where there is a missing link in the
        trust chain.  If you have "." you don't need a DLV for "se" as
        there will be a DS for "se" in the root zone.

        Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews(_at_)isc(_dot_)org

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last Call comment on draft-weiler-dnssec-dlv-iana-00.txt, David Conrad
Next by Date:  Re: Last Call comment on draft-weiler-dnssec-dlv-iana-00.txt, David Conrad
Previous by Thread:  Re: Last Call comment on draft-weiler-dnssec-dlv-iana-00.txt, David Conrad
Next by Thread:  Re: Last Call comment on draft-weiler-dnssec-dlv-iana-00.txt, David Conrad
Indexes:  [Date] [Thread] [Top] [All Lists]