[bind10-dev] bind10-1.0.0-beta auth server answers SERVFAIL for an empty non-terminal due to "Unexpected covering NSEC3 found" error

[Michal 'vorner' Vaner]

Hello

On Tue, Jan 22, 2013 at 09:23:50AM -0800, JINMEI Tatuya / 神明達哉 wrote:
> In any case we probably overlooked something in implementing it as
> we generally tried to port BIND's behavior for NSEC/NSEC3 handling.
> I've not yet checked whether the errata discussion at dnsext affects
> this case and (if it does) when it's sorted out, but unless it's fixed
> by the next sprint I think we should make it compatible with BIND 9 in
> the next sprint.

I don't know if „it's compatible with bind9“ is a very good reason here, as we
the discussion suggests, it's not clear what is correct. We have many bugs for
sure, and we are not sure this one is a bug, so why the hurry? I could probably
name 5 places where we are not acting the same as bind9 without much thinking
and these places would be happening more often.

Anyway, I suggest we create a ticket, describe the problem and note we're
waiting for conclusion of the discussion and suggest there the zone data be
updated.

With regards

-- 
~, sweet ~

Michal 'vorner' Vaner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.isc.org/pipermail/bind10-dev/attachments/20130123/d51bd4c9/attachment.bin>