Queries for NSEC3 hashed owner names

Mark Andrews marka at isc.org
Thu Feb 4 21:18:35 UTC 2010


In message <19306.52059.975062.462029 at hadron.switch.ch>, Alexander Gall writes:
>
> All of those are NSEC3-agnostic.  They should not do any DNSSEC
> processing for the ch zone, because they don't support algorithm #7.

Yes and no.  Just because you are using a algorithm that is unsupported
doesn't mean that you won't get queries looking for the break point
between supported and unsupported algorithms.  DS queries are used
to find that break point.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list