Using $GENERATE on KEY & TXT RRs?
Matt Larson
mlarson at verisign.com
Fri Aug 2 23:58:15 UTC 2002
> > Dollars to donuts, it will be gospel. Adding IPSEC/TLS/SSH keys
> > to the KEY record means you sling a lot of extra data around in DNS
> > when you're just trying to do DNSSEC verifies; enough to likely
> > break DNSSEC.
>
> Why would DNSSEC break because of this? If DNSSEC breaks because of
> unrelated data, perhaps DNSSEC should be fixed instead of forbidding
> the unrelated data.
This certainly isn't the list for this discussion. I was just repeating
what I perceive the consensus of the working group to be. Take it to
namedroppers.
Matt
More information about the bind-workers
mailing list