On 04/05/2009 12:04 PM, Chuck Anderson wrote:
Because DNSSEC is still in it's infancy w.r.t. production deployment
on the Internet. The powers that be still haven't signed the root
zone, and most TLD zones aren't signed either. So we have to live
with the hack known as DLV for now, and there isn't much robustness in
that service yet.
Then Fedora shouldn't be shipping bind RPMs that turn DNSSEC validation
on, should it? Or perhaps dnssec-must-be-secure can be used in
named.conf to configure in such a way that named tries DNSSEC validation
but allows the query to proceed (with an error message logged) even if
it fails?
jik
--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
