Shane Kerr wrote: > I think we all understand that it is possible to inject bad data into > the DNS at the parent. What do you mean "the parent"? Do you mean master zone file of the parent or some caching server expected by a client to have parent data? > What I do not understand about this comment is how transport security > can help in that case. Can you please explain? Explanation depends on your definition of "the parent". Masataka Ohta _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf