Hi Vladimir,
I appreciate your response and it's great to know you validate by default.
I apologize for posting to the wrong list.
Best,
Henry
On Wed, Mar 12, 2025 at 9:14 AM Vladimír Čunát <vladimir.cunat(a)nic.cz>
wrote:
Hello.
On 10/03/2025 17.01, birgelee--- via knot-dns-users wrote:
This ballot requires compliance with RFCs 4035 (specifically an implementation of a
"security-aware" resolver as defined in Section 4) and 6840. To the best of my
knowledge Knot would be a viable choice for conforming to this ballot particularly since
there is a reference to RFCs 4035 in the config documentation and 6840 implements several
key features of modern DNSSEC. Given the need for documentable compliance by CAs, a
statement of intended support from the Knot team would be extremely helpful.
This is about resolvers apparently, so we're slightly off-topic here, as
we have a split knot-resolver-users(a)lists.nic.cz - but I expect this
thread to be very short.
Knot Resolver *does support* modern DNSSEC validation, as described in RFC
4035, 6840, and some others. And we validate by default, etc.
--Vladimir