Feb. 27, 2018
12:08 a.m.
On Mon, Feb 26, 2018 at 6:57 PM, Shumon Huque <shuque@gmail.com> wrote:
Here's what RFC 4035, Section 4 says:
4. Services Not Provided by DNS Security
[....]
The DNS security extensions provide data and origin authentication for DNS data. The mechanisms outlined above are not designed to protect operations such as zone transfers and dynamic update ([RFC2136], [RFC3007]). Message authentication schemes described in [RFC2845] and [RFC2931] address security operations that pertain to these transactions.
D'oh, I meant RFC 4033 ... https://tools.ietf.org/html/rfc4033#section-4 Shumon.