whether to return RRSIG RRs
Tony Finch
dot at dotat.at
Tue Jul 5 10:26:56 UTC 2011
Cathy Zhang <zhangclcathy at gmail.com> wrote:
> # Check direct query for RRSIG: If it's not cached with other records,
> # it should result in an empty response.
>
> Why shouldn't recursive server return RRSIG RRs to the client?
An RRSIG is part of the RRset that it signs, and the whole thing must
travel together as a unit. If you fetch the signature and the signed
records separately, you are likely to encounter a spurious mismatch when
the authoritative data changes.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Portland, Plymouth, Northwest Biscay: Southerly or southwesterly 4 or 5,
increasing 5 to 7 later. Slight or moderate. Rain or showers. Moderate or
good, occasionally poor.
More information about the bind-users
mailing list