[DNSOP] DS records and validating resolvers

Einar Bjarni Halldórsson <einar@isnic.is> Thu, 14 July 2016 16:20 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/yksLn7e1gr3qlPTLvPGVsiDhXlM>

Hi,

I’ve looked and could not find an answer to my question anywhere.

If there are multiple DS records in a parent, with different key tags, where only one of the DS records has a corresponding DNSKEY record in the child zone that correctly signs the DNSKEY RRSET, will validating resolvers ignore the other DS records or could they cause responses from the child to become invalid?

.einar
ISNIC
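
The DS-to-DNSKEY matching step that the question turns on, as an added example that is not part of the original message: RFC 4035 section 5.2 has a validator look for a DS whose key tag, algorithm and digest match a zone key in the child's DNSKEY RRset, and that key's RRSIG over the RRset must then verify. The sketch covers only the matching step (signature verification is omitted); the zone name `child.example.`, the helper names and the filler key bytes are constructed assumptions.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical (lowercased) wire format of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, public_key, protocol=3):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata):
    """DS as (key tag, algorithm, digest type 2 = SHA-256, hex digest)."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def usable_ds(owner, ds_rrset, dnskey_rrset):
    """DS records that identify a zone key present in the child's DNSKEY RRset."""
    usable = []
    for ds in ds_rrset:
        for rdata in dnskey_rrset:
            is_zone_key = bool(rdata[0] & 0x01)  # flags bit 7 (value 256)
            # Tuple equality checks key tag, algorithm, digest type and digest.
            if is_zone_key and ds[2] == 2 and make_ds(owner, rdata) == ds:
                usable.append(ds)
                break
    return usable

# Constructed sample data: key material is filler bytes, not real keys.
ZONE = "child.example."
KSK = dnskey_rdata(257, 13, bytes(range(64)))
ZSK = dnskey_rdata(256, 13, bytes(range(128, 192)))
ABSENT = dnskey_rdata(257, 13, bytes(range(64, 128)))  # not published in the child
CHILD_DNSKEYS = [KSK, ZSK]
PARENT_DS = [make_ds(ZONE, ABSENT), make_ds(ZONE, KSK)]

if __name__ == "__main__":
    matched = usable_ds(ZONE, PARENT_DS, CHILD_DNSKEYS)
    for ds in PARENT_DS:
        print(ds[0], "usable" if ds in matched else "no matching DNSKEY")
```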