it could be worse

git-svn-id: file:///svn/unbound/trunk@1707 be551aaa-1e26-0410-a405-d3ace91eadb9
Wouter Wijngaards 2009-07-08 12:07:03 +00:00
parent f3b66c177b
commit 374a7f45c2

@ -210,6 +210,10 @@ Triggered by a trust anchor or by a signed DS record for a zone.
Advantage because if the zone is mildly broken, no time is spent redoing
stuff that was fine. Or after a spoof most other stuff is still there.
Disadvantage. After a sale the old data could linger for TTL time.
* listing bad servers and trying again may not be good enough, since
a combinatorial explosion for DSxDNSKEYxdata is possible for every
signature validation (using different nameservers for DS, DNSKEY and
data, assuming only the right combination has a chain of trust to data).
later
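Review bot: The added item (the four lines beginning "* listing bad servers and trying again") names the DS x DNSKEY x data combinatorial explosion but stops at "may not be good enough", without saying what follows from it: whether retries per signature validation are to be capped, or the bad-server retry approach dropped. Suggest one more line recording the intended bound, or stating that it is still undecided, so the note can be acted on later. As a style point, "DSxDNSKEYxdata" reads more easily as "DS x DNSKEY x data".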