NSEC3 records not available through a BIND resolver <= 9.5?
Evan Hunt
each at isc.org
Wed Mar 17 17:25:06 UTC 2010
> BIND <=9.5 doesn't know that it's supposed to pass them in a NXDOMAIN
> response.
Correct, and whoops. We should have backported at least that much
knowledge of NSEC3.
> That said, I thought it would be possible to explicitely ask for TYPE50.
> But that seems not to work, either:
IIRC, RFC 5155 says that authoritative servers must not answer direct
queries for NSEC3.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list