0

If there are multiple DS records with each using a different but RFC-compliant algorithm and digest type, is there any way to predict how real world validators will select one?

I've tried to, for example, to review what the default behavior BIND would be, but I'm not familiar enough to know where to start to understand how it would resolve.

Example:

A zone has the following valid DS record algorithm and digest types:

Algorithm Digest type
13 2
7 2
8 4

How does a validator choose which DS record to use?

Paul
  • 2,755
  • 6
  • 24
  • 35
  • Does this answer your question? [Multiple DS records](https://serverfault.com/questions/789805/multiple-ds-records) – Esa Jokinen Jun 26 '21 at 05:15
  • @EsaJokinen No, that question only has an answer stating that it is within RFC to have multiple record sets and having an invalid or "orphan" DS record does not invalidate other records, as seemed the concern of the question. Please see my update attempting to clarify my question. – Paul Jun 26 '21 at 11:59
  • 2
    The premise of this question appears to be that validators do select one record (first or only) with meaningful effect on considering arbitrary valid paths. – anx Jun 27 '21 at 09:44

0 Answers0