[Dnssec-deployment] Bind 9 validation failure on kocarkydavidek.cz (NSEC3 related)
Matthijs Mekking
matthijs at NLnetLabs.nl
Wed Oct 19 07:26:39 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/18/2011 06:07 PM, Mark Andrews wrote:
> Named is looking for a closest encloser NSEC3 record and not finding
> it. I have a patch to get the closest encloser from the RRSIG of
> the A record and with that the response validates. The patch still
> needs to be reviewed.
>
> Mark
It is not only at the validator, Bind9 also sends too much NSEC3 records
in the case of a wildcard answer response.
See http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=390
Best regards,
Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJOnrPvAAoJEA8yVCPsQCW5UB4IAJZbnfTZruLJ3jYn3+z/+Um1
V08xSFDMgCFnRXJ+DEv4ooxPSIBSzhqkBWyfUjDsif0oD8CIYkP6BXp+zru9LmQH
ftWxLkymfWEVV9Cs6rNilIvX/cSas8cZTfMcCl9907FA6P3GCbV1kx0d/QKJvJBa
24wGWy8gRTtESmEg4o3bXvpERzXMBbS54HNOA9wd4tYsFywiOW9wvkx/r+m8CZLi
yQjW+N5F+CZWQ5FJKMsHpRTIyUNAlzUFJkEjMmLmZXQhKah5kEQuQwZOXnv4zmDK
of6rEO/hx6YxDFfw15fe7L81oQImFX0awz2BZQLa0tYg3RzZjbRvKMsainEs4tA=
=pXie
-----END PGP SIGNATURE-----
More information about the Dnssec-deployment
mailing list