[bind10-dev] NSEC3 consideration
Kevin Tes
xiejiagui at cnnic.cn
Mon Oct 31 01:27:10 UTC 2011
Hi,
As RFC 5155 (DNS Security (DNSSEC) Hashed Authenticated Denial of
Existence) suggests, there are eight cases for NSEC3 Hashed
Authenticated Denial of Existence.
First: Name error,
Second: No data QTYPE is not DS,
Third: No data QTYPE is DS,
Fourth: Wildcard no data,
Fifth: Wildcard answer,
Sixth: Referrals to unsigned subzone,
Seventh: Query for NSEC3,
Eighth: Run-Time Collision.
Divide those into four categories; each category is an independent task.
<1> First
<2> Second, Third, Sixth, Seventh
<3> Fourth
<4> Fifth
For the hash algorithm specified in this document, SHA-1, Run-Time Collisions are highly unlikely to happen,
so do not take 'Eighth' into account.
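
An added example, not part of the original post or of BIND 10's code: a sketch of the check behind the first category (Name Error), using the RFC 5155 hash and the matches/covers distinction. The function names and the sample zone are constructed for illustration; the salt and iteration count are those of the RFC 5155 Appendix A example zone.

```python
import base64
import hashlib

# Standard base32 alphabet -> base32hex, the encoding used for NSEC3 owner labels.
B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                         b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 section 5 hash (SHA-1) of a domain name, as a base32hex label."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):          # 'iterations' additional rounds
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(B32HEX).decode().lower()

def covers(owner, nxt, h):
    """True if h lies strictly between an NSEC3 owner hash and its next hash."""
    if owner < nxt:
        return owner < h < nxt
    return h > owner or h < nxt          # last NSEC3 wraps to the first

def build_chain(names, salt_hex, iterations):
    """Sorted (owner_hash, next_hash) pairs for every name in the zone."""
    hashes = sorted(nsec3_hash(n, salt_hex, iterations) for n in names)
    return list(zip(hashes, hashes[1:] + hashes[:1]))

def name_error_proof(qname, chain, salt_hex, iterations):
    """Return (closest encloser, next closer, wildcard) if the chain proves a
    Name Error for qname, else None (the name or a wildcard exists)."""
    def h(n): return nsec3_hash(n, salt_hex, iterations)
    owners = {o for o, _ in chain}
    def covered(n): return any(covers(o, x, h(n)) for o, x in chain)
    labels = qname.lower().rstrip(".").split(".")
    if h(qname) in owners:
        return None                      # name exists: a No Data case instead
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if h(encloser) in owners:        # longest existing ancestor
            next_closer, wildcard = ".".join(labels[i - 1:]), "*." + encloser
            if covered(next_closer) and covered(wildcard):
                return encloser, next_closer, wildcard
            return None                  # wildcard matches: a wildcard case
    return None

# Constructed sample zone; salt and iteration count as in RFC 5155 Appendix A.
SALT, ITERATIONS = "aabbccdd", 12
ZONE = ["example", "a.example", "w.example", "*.w.example", "x.w.example"]
CHAIN = build_chain(ZONE, SALT, ITERATIONS)
```

A query below `w.example` that has no exact match returns None here because `*.w.example` exists, which places it in the wildcard categories rather than Name Error.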