Hello.
On 10/03/2025 17.01, birgelee--- via knot-dns-users wrote:
This ballot requires compliance with RFCs 4035
(specifically an implementation of a "security-aware" resolver as defined in
Section 4) and 6840. To the best of my knowledge Knot would be a viable choice for
conforming to this ballot particularly since there is a reference to RFCs 4035 in the
config documentation and 6840 implements several key features of modern DNSSEC. Given the
need for documentable compliance by CAs, a statement of intended support from the Knot
team would be extremely helpful.
This is about resolvers apparently, so we're slightly off-topic here, as
we have a split knot-resolver-users(a)lists.nic.cz - but I expect this
thread to be very short.
Knot Resolver *does support* modern DNSSEC validation, as described in
RFC 4035, 6840, and some others. And we validate by default, etc.
--Vladimir