can't query for RRSIG that references NSEC3
Jack Tavares
j.tavares at F5.com
Wed Jun 24 16:49:26 UTC 2009
Thanks. I obviously missed that part of the rfc.
--
Jack Tavares
________________________________________
From: Chris Thompson [cet1 at hermes.cam.ac.uk] On Behalf Of Chris Thompson [cet1 at cam.ac.uk]
Sent: Wednesday, June 24, 2009 18:44
To: Jack Tavares
Cc: Bind Users Mailing List
Subject: RE: can't query for RRSIG that references NSEC3
On Jun 24 2009, Jack Tavares wrote:
>a correction:
>
>my dig command is
>
>dig @127.0.0.1 -t RRSIG 4PPH7Q8R02M0AD8MLJPS0UEH2AB9KFJL.test.net
>
>and I still get NXDOMAIN
NSEC3 records (and their associated RRSIG records) are, in a sense, not
properly part of the zone. RFC 5155 section 7,2,8 "Responding to Queries
for NSEC3 Owner Names" mandates the response you are seeing.
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list