Maintained by: NLnet Labs

"domain-insecure" no longer necessary?

Stephane Bortzmeyer
Sun May 8 18:03:21 CEST 2016


On Mon, May 09, 2016 at 12:53:15AM +0900,
 Daisuke HIGASHI <daisuke.higashi at gmail.com> wrote 
 a message of 48 lines which said:

>   Opt-Out NSEC3 don't proof existence or non-existence of _unsigned_
> domain name (RFC5155 12.2);

Makes sense, thanks. (Note that BIND disagrees and cannot forward to a
zone if the parent is signed, even with opt-out.)