[DNSSEC] Resolver behavior with broken DS records
bortzmeyer at nic.fr
Mon May 9 13:46:36 UTC 2011
On Mon, May 09, 2011 at 03:33:21PM +0200,
Marc Lampo <marc.lampo at eurid.eu> wrote
a message of 38 lines which said:
> 4 DS's in total,
> for each KSK 1 DS with SHA-1, one with SHA-2
> for one KSK, the algorithm used was changed from 5 to 8.
If I understand well, you have two KSK. In that case, yes, it should
work (in my case, there was one KSK, with two DS).
More information about the bind-users