Hello.
On 10/03/2025 17.01, birgelee--- via knot-dns-users wrote:
This ballot requires compliance with RFCs 4035 (specifically an implementation of a "security-aware" resolver as defined in Section 4) and 6840. To the best of my knowledge Knot would be a viable choice for conforming to this ballot particularly since there is a reference to RFCs 4035 in the config documentation and 6840 implements several key features of modern DNSSEC. Given the need for documentable compliance by CAs, a statement of intended support from the Knot team would be extremely helpful.This is about resolvers apparently, so we're slightly off-topic here, as we have a split knot-resolver-users@lists.nic.cz - but I expect this thread to be very short.
Knot Resolver *does support* modern DNSSEC validation, as described in RFC 4035, 6840, and some others. And we validate by default, etc.
--Vladimir