Using $GENERATE on KEY & TXT RRs?

Matt Larson mlarson at verisign.com
Fri Aug 2 23:58:15 UTC 2002


> > Dollars to donuts, it will be gospel.  Adding IPSEC/TLS/SSH keys
> > to the KEY record means you sling a lot of extra data around in DNS
> > when you're just trying to do DNSSEC verifies; enough to likely
> > break DNSSEC.
>
> Why would DNSSEC break because of this?  If DNSSEC breaks because of
> unrelated data, perhaps DNSSEC should be fixed instead of forbidding
> the unrelated data.

This certainly isn't the list for this discussion.  I was just repeating
what I perceive the consensus of the working group to be.  Take it to
namedroppers.

Matt




More information about the bind-workers mailing list