[DNSSEC] Resolver behavior with broken DS records

'Stephane Bortzmeyer' bortzmeyer at nic.fr
Mon May 9 13:46:36 UTC 2011

On Mon, May 09, 2011 at 03:33:21PM +0200,
 Marc Lampo <marc.lampo at eurid.eu> wrote 
 a message of 38 lines which said:

> 4 DS's in total,
> for each KSK 1 DS with SHA-1, one with SHA-2
> for one KSK, the algorithm used was changed from 5 to 8.

If I understand well, you have two KSK. In that case, yes, it should
work (in my case, there was one KSK, with two DS).

More information about the bind-users mailing list