Signed root - missing RRSIG for delegation?
Alan Clegg
aclegg at isc.org
Fri Jul 16 10:36:32 UTC 2010
On 7/16/2010 6:25 AM, Niobos wrote:
> It's probably just my lack of knowledge, but there seems to be a missing
> RRSIG in the root zone.
>
> I try to securely resolve example.net. I obviously get a delegation
> returned (dig output below), but I can't seem to validate that
> delegation. The delegation itself (and a direct request for net./NS)
> only yield an RRSIG over the NSEC RRset, not over the NS RRset and not
> over the glue A-records (which are in bailiwick, and I have "no other
> way" to resolve them)
>
> Can anyone clarify?
.net isn't signed, and you don't sign "out-of-zone" data (glue and
delegation NS records).
What do you mean 'I have "no other way" to resolve them' -- yes, they
are signed, but they seem to resolve just fine.
AlanC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100716/85bbfebe/attachment.bin>
More information about the bind-users
mailing list