[Opendnssec-develop] OpenDNSSEC and RFC5155
Olaf Kolkman
olaf at NLnetLabs.nl
Wed Feb 17 10:49:53 UTC 2010
On Feb 16, 2010, at 5:26 PM, sion at nominet.org.uk wrote:
> Evening all,
>
> RFC5155 says, on page 32, "zone signing tools SHOULD NOT default to using
> opt-out". But in trunk/OpenDNSSEC/conf/kasp.xml.in we turn opt-out on...
> Should we comment this tag out?
Yes...
OPT-OUT was designed for delegation centric zones, and while the OpenDNSSEC development group is top heavy with those the common user-base is not.
--Olaf
________________________________________________________
Olaf M. Kolkman NLnet Labs
Science Park 140,
http://www.nlnetlabs.nl/ 1098 XG Amsterdam
More information about the Opendnssec-develop
mailing list