Queries for NSEC3 hashed owner names
Mark Andrews
marka at isc.org
Thu Feb 4 21:18:35 UTC 2010
In message <19306.52059.975062.462029 at hadron.switch.ch>, Alexander Gall writes:
>
> All of those are NSEC3-agnostic. They should not do any DNSSEC
> processing for the ch zone, because they don't support algorithm #7.
Yes and no. Just because you are using a algorithm that is unsupported
doesn't mean that you won't get queries looking for the break point
between supported and unsupported algorithms. DS queries are used
to find that break point.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list