[Yeti DNS Discuss] 答复: 答复: Five additional servers added to Yeti testbed & an bug finding on priming response

'Stephane Bortzmeyer' bortzmeyer at nic.fr
Fri May 6 08:50:48 UTC 2016


On Fri, May 06, 2016 at 02:44:15PM +0800,
 Davey Song <ljsong at biigroup.cn> wrote 
 a message of 160 lines which said:

> Knot IXFR behavior actually allows a advanced MZSK which requires
> resolver to validate each RRSIGs from multiple signer.

Not really. If such a resolver existed, it would still break since
Knot does not guarantee it will have every signature, only the
signatures of the DM it was in touch with. Since a root name server
contacts DM according to its own algorithm (random, RTT-fastest,
round-robin, whatever), you will not have such a guarantee (yesterday,
dahu2.yeti.eu.org served only two sigs, while we have three DMs).


More information about the discuss mailing list