Append a Hard-coded Text Tuple into Additional Section of "dig" Feature

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Thu Jun 16 22:26:06 UTC 2016


My understanding is that the "extra" stuff wouldn't have any signature at all. Wouldn't that break DNSSEC if the rest of the response had signatures? Or does the DNSSEC-validation algorithm support "hybrid" responses like that?

								- Kevin


-----Original Message-----
From: Tony Finch [mailto:dot at dotat.at] 
Sent: Thursday, June 16, 2016 7:09 AM
To: Darcy Kevin (FCA)
Cc: bind-users at lists.isc.org
Subject: RE: Append a Hard-coded Text Tuple into Additional Section of "dig" Feature

Darcy Kevin (FCA) <kevin.darcy at fcagroup.com> wrote:
>
> It'll also, irrespective of caching, break DNSSEC.

No, extra stuff in the additional section should not break DNSSEC because the signatures are per-RRset not per-message.

Tony.
--
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode Tyne, West Dogger: Variable 3 or 4, becoming northerly or northwesterly 5 or 6. Slight becoming moderate. Rain or showers, fog patches. Moderate or good, occasionally very poor.
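The per-RRset point made in the reply above, as an added example that is not part of the thread: a simplified validator that checks each RRset only against its own covering RRSIG. HMAC-SHA256 stands in for the public-key signature real DNSSEC uses, and the names, addresses and key are constructed.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed stand-in for the zone key. Real DNSSEC verifies RRSIGs with the
# zone's public DNSKEY; HMAC is used here only to keep the example stdlib-only.
ZONE_KEY = b"constructed-example-key"

def sign_rrset(name, rtype, rdatas):
    """Sign one RRset: owner name, type and the sorted set of RDATA values."""
    canonical = "\n".join([name.lower(), rtype] + sorted(rdatas)).encode()
    return hmac.new(ZONE_KEY, canonical, hashlib.sha256).hexdigest()

def validate_message(records):
    """Return {(owner, type): 'valid' | 'invalid' | 'unsigned'} per RRset."""
    rrsets, sigs = defaultdict(list), {}
    for name, rtype, rdata in records:
        if rtype == "RRSIG":
            covered_type, sig = rdata
            sigs[(name.lower(), covered_type)] = sig
        else:
            rrsets[(name.lower(), rtype)].append(rdata)
    status = {}
    for (name, rtype), rdatas in rrsets.items():
        sig = sigs.get((name, rtype))
        if sig is None:
            status[(name, rtype)] = "unsigned"
        elif hmac.compare_digest(sig, sign_rrset(name, rtype, rdatas)):
            status[(name, rtype)] = "valid"
        else:
            status[(name, rtype)] = "invalid"
    return status

# Constructed sample response: a signed A RRset in the answer section.
ADDRS = ["192.0.2.10", "192.0.2.11"]
SIGNED_ANSWER = [("www.example.com", "A", a) for a in ADDRS] + [
    ("www.example.com", "RRSIG", ("A", sign_rrset("www.example.com", "A", ADDRS)))
]
# Hard-coded, unsigned TXT record appended to the additional section.
EXTRA = [("note.example.com", "TXT", "hard-coded text")]

if __name__ == "__main__":
    print(validate_message(SIGNED_ANSWER + EXTRA))
    # Changing the signed RRset itself is what invalidates its signature.
    print(validate_message(SIGNED_ANSWER + [("www.example.com", "A", "198.51.100.7")]))
```

The appended TXT record is reported as unsigned on its own, while the A RRset's result is the same with or without it.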

