[bind10-dev] NS/NSEC3/DNAME at wildcard
Peter Koch
pk at DENIC.DE
Sun Feb 6 17:51:17 UTC 2011
On Fri, Feb 04, 2011 at 02:31:51PM -0800, JINMEI Tatuya wrote:
> For NSEC3 and DNAME, your response below seems to suggest the same
> conclusion I mentioned in my other response in this thread:
> - NSEC3 + wildcard is meaningless, but wouldn't be specifically
> harmful (so it's okay to simply accept it)
it's pointless anywhere except where the label matches a hashed owner name,
but the wildcard (or, more precisely, the "*" label) isn't special.
> - DNAME + wildcard is harmful (so it rather makes sense to reject it
> at loading time)
sounds reasonable to me.
-Peter
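
The load-time check discussed in this thread, as an added example that is not part of the original messages or of the BIND 10 code base. The function names and sample records are hypothetical; the sketch decodes master-file escapes before testing for the wildcard label, so an owner written as `\042` is still recognised as `*`, while a `*` that is not the leftmost label is not treated as a wildcard.

```python
import re

def split_labels(name):
    """Decode a master-file owner name into its wire-format labels."""
    labels, cur, i = [], bytearray(), 0
    while i < len(name):
        ch = name[i]
        if ch == "\\":
            m = re.match(r"[0-9]{3}", name[i + 1:])
            if m:                          # \DDD is a decimal octet value
                cur.append(int(m.group()))
                i += 4
            elif i + 1 < len(name):        # \X is the literal character X
                cur.append(ord(name[i + 1]))
                i += 2
            else:
                raise ValueError("dangling escape in %r" % name)
        elif ch == ".":
            labels.append(bytes(cur))
            cur = bytearray()
            i += 1
        else:
            cur.append(ord(ch))
            i += 1
    if cur:
        labels.append(bytes(cur))
    return labels

def is_wildcard(name):
    """True when the leftmost label is the single octet 0x2A ('*')."""
    labels = split_labels(name)
    return bool(labels) and labels[0] == b"*"

def rejected_at_load(records):
    """Return the (owner, type) pairs a loader following the thread would refuse."""
    return [(owner, rrtype) for owner, rrtype in records
            if rrtype.upper() == "DNAME" and is_wildcard(owner)]

# Constructed sample records (owner name, RR type); not from a real zone.
SAMPLE = [
    ("*.example.org.", "A"),
    ("*.example.org.", "NSEC3"),          # accepted: pointless but harmless
    ("*.sub.example.org.", "DNAME"),      # rejected
    ("\\042.example.org.", "DNAME"),      # rejected: \042 decodes to '*'
    ("x.*.example.org.", "DNAME"),        # accepted: '*' is not leftmost
]

if __name__ == "__main__":
    for owner, rrtype in rejected_at_load(SAMPLE):
        print("reject %s %s" % (owner, rrtype))
```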