[Opendnssec-develop] OpenDNSSEC and RFC5155

Olaf Kolkman olaf at NLnetLabs.nl
Wed Feb 17 10:49:53 UTC 2010

On Feb 16, 2010, at 5:26 PM, sion at nominet.org.uk wrote:

> Evening all,
> RFC5155 says, on page 32, "zone signing tools SHOULD NOT default to using
> opt-out". But in trunk/OpenDNSSEC/conf/kasp.xml.in we turn opt-out on...
> Should we comment this tag out?


OPT-OUT was designed for delegation centric zones, and while the OpenDNSSEC development group is top heavy with those the common user-base is not.



Olaf M. Kolkman                        NLnet Labs
                                       Science Park 140, 
http://www.nlnetlabs.nl/               1098 XG Amsterdam

More information about the Opendnssec-develop mailing list