Insecurity proof failed resolving newsletter.postbank.de - but why?
Casey Deccio
casey at deccio.net
Tue Jan 21 04:02:10 UTC 2014
On Mon, Jan 20, 2014 at 12:46 PM, Graham Clinch <g.clinch at lancaster.ac.uk>wrote:
> Thanks for the replies - and noticing the missing 'NS'!
>
> From my rather brain-busting afternoon reading, I believe this situation
> is covered by section 4.4 of RFC 6840, which requires a validator to ensure
> the NS type bit is set for an insecure delegation's NSEC(3) (or that it's
> covered by opt-out, but as Chris pointed out, that doesn't seem to be the
> case here).
>
I've left feedback for the dnsviz maintainer in the hopes that this case
> can be picked up in future.
>
Should be fixed now. Not sure why I hadn't implemented that check before,
but I have now.
Casey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140120/747090c9/attachment-0001.html>
More information about the bind-users
mailing list