[bind10-dev] bind10-1.0.0-beta auth server answers SERVFAIL for an empty non-terminal due to "Unexpected covering NSEC3 found" error
JINMEI Tatuya / 神明達哉
jinmei at isc.org
Tue Jan 22 17:23:50 UTC 2013
At Tue, 22 Jan 2013 12:07:59 +0100,
Jelte Jansen <jelte at isc.org> wrote:
> > ERROR [b10-auth.auth/80537] AUTH_PROCESS_FAIL message processing
> > failure: Unexpected covering NSEC3 found for c.c.tld.
> >
> > BIND 9 answers empty, NO ERROR answer.
[...]
> Depending on what the errata will end up as, the fix may be 'works
> according to spec', easy (treat it the same as DS no data proof), or
> more involved (if we actually have to dive into the data below the ENT
> to see what is there)... I'm not entirely sure how we should behave in
> the mean time.
In any case we probably overlooked something in implementing it as
we generally tried to port BIND's behavior for NSEC/NSEC3 handling.
I've not yet checked whether the errata discussion at dnsext affects
this case and (if it does) when it's sorted out, but unless it's fixed
by the next sprint I think we should make it compatible with BIND 9 in
the next sprint.
---
JINMEI, Tatuya
More information about the bind10-dev
mailing list