On Thu, Nov 27, 2008 at 03:52:50PM -0500, Steve Crocker <steve@xxxxxxxxxxxx> wrote a message of 161 lines which said: > the intent is to simply include the DNSSEC-compliant recursive > resolver in the standard DHCP configuration during the plenary. > That is, during the plenary, DHCP responses will include the > DNSSEC-compliant recursive resolver. Even though the normal DNS > requests will thus go through the DNSSEC-compliant recursive > resolver, the end system will see no difference unless the end > system asks for a a signed response. Hold on, you mean the recursive resolver will NOT validate by default? If so, this is not an experiment, this is MUCH LESS than what many people on this list already do every day (having a recursive resolver which validates even without any specific request). % dig A futuredate-A.newzsk-ns.test.dnssec-tools.org ; <<>> DiG 9.5.0-P2 <<>> A futuredate-A.newzsk-ns.test.dnssec-tools.org ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57934 _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf