Queries for NSEC3 hashed owner names
Alexander Gall
gall at switch.ch
Fri Feb 5 09:21:11 UTC 2010
On Fri, 05 Feb 2010 08:18:35 +1100, Mark Andrews <marka at isc.org> said:
> In message <19306.52059.975062.462029 at hadron.switch.ch>, Alexander Gall writes:
>>
>> All of those are NSEC3-agnostic. They should not do any DNSSEC
>> processing for the ch zone, because they don't support algorithm #7.
> Yes and no. Just because you are using a algorithm that is unsupported
> doesn't mean that you won't get queries looking for the break point
> between supported and unsupported algorithms. DS queries are used
> to find that break point.
But isn't the break point at the DLV/trusted-key level for ch?
--
Alex
More information about the bind-users
mailing list