[Yeti DNS Discuss] 答复: 答复: Five additional servers added to Yeti testbed & an bug finding on priming response
bortzmeyer at nic.fr
Fri May 6 08:50:48 UTC 2016
On Fri, May 06, 2016 at 02:44:15PM +0800,
Davey Song <ljsong at biigroup.cn> wrote
a message of 160 lines which said:
> Knot IXFR behavior actually allows a advanced MZSK which requires
> resolver to validate each RRSIGs from multiple signer.
Not really. If such a resolver existed, it would still break since
Knot does not guarantee it will have every signature, only the
signatures of the DM it was in touch with. Since a root name server
contacts DM according to its own algorithm (random, RTT-fastest,
round-robin, whatever), you will not have such a guarantee (yesterday,
dahu2.yeti.eu.org served only two sigs, while we have three DMs).
More information about the discuss