> I wonder how to interpret '. DS'/'. DELEG' queries and welcome > opinions! > > Secondly it's unclear if RFC 4035 4.3. Determining Security Status > of Data somehow should applies to DS responses from root. I guess > it should, but how?
My conclusion when implementing a validator was that for the purpose of validating the a '. DS' query, the parent of the root is the root. Basically the algorithm that finds the parent of a zone terminates in the root. Then the NSEC at . proves that no DS record exists at the root. _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
