can't query for RRSIG that references NSEC3
Chris Thompson
cet1 at cam.ac.uk
Wed Jun 24 15:44:01 UTC 2009
On Jun 24 2009, Jack Tavares wrote:
>a correction:
>
>my dig command is
>
>dig @127.0.0.1 -t RRSIG 4PPH7Q8R02M0AD8MLJPS0UEH2AB9KFJL.test.net
>
>and I still get NXDOMAIN
NSEC3 records (and their associated RRSIG records) are, in a sense, not
properly part of the zone. RFC 5155 section 7,2,8 "Responding to Queries
for NSEC3 Owner Names" mandates the response you are seeing.
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list