reason for "expected covering NSEC3, got an exact match" ?

Gilles Massen gilles.massen at restena.lu
Tue Jul 13 12:28:25 UTC 2010


Hello,

I have a signed zone (dnssec.lu) with NSEC3 / no optout, signed through
OpenDNSSEC. The zone contains a wildcard with a TXT and A record.

Each time the server is queried for something where the QNAME is matched
by the wildcard, but the QTYPE is not, named logs a warning: "expected
covering NSEC3, got an exact match".

This behaviour exists only if a wildcard is present in the zone. The
zone doesn't contain any stale or unnecessary NSEC3 records.

Is there an explanation for the warning? Apart from complaining, bind
seems to do everything correctly. (Bind 9.7.1 P1)

best,
Gilles

-- 
Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473
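
The warning text uses two RFC 5155 terms: an NSEC3 record "matches" a name when its owner equals the name's hash, and "covers" it when the hash falls between that owner and the next hashed owner. The Python below is an added example, not part of the original message or of BIND; it classifies the three names of an RFC 5155 section 7.2.5 wildcard no-data proof for a zone shaped like the one described. The salt, the iteration count and the names www and nosuch are constructed assumptions.

```python
import base64
import hashlib

# RFC 4648 base32 -> base32hex alphabet, lower-cased as in zone files
_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                          b"0123456789abcdefghijklmnopqrstuv")

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 section 5: iterated, salted SHA-1 of the wire-format name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32HEX).decode()

def classify(name, chain, salt_hex, iterations):
    """('match', owner) if an NSEC3 owner equals H(name), else ('cover', owner)."""
    h = nsec3_hash(name, salt_hex, iterations)
    if h in chain:
        return ("match", h)
    below = [o for o in chain if o < h]
    # The last NSEC3 wraps around and covers hashes below the first owner.
    return ("cover", below[-1] if below else chain[-1])

def wildcard_nodata_proof(qname, chain, salt_hex, iterations):
    """Classify the names an RFC 5155 section 7.2.5 proof refers to."""
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if classify(encloser, chain, salt_hex, iterations)[0] == "match":
            names = {"closest_encloser": encloser,
                     "next_closer": ".".join(labels[i - 1:]),
                     "wildcard": "*." + encloser}
            return {k: classify(n, chain, salt_hex, iterations)[0]
                    for k, n in names.items()}
    raise ValueError("qname is not below any name in the chain")

# Constructed sample data: salt, iteration count, www and nosuch are assumptions.
SALT, ITERATIONS = "ab12", 5
ZONE_NAMES = ["dnssec.lu", "*.dnssec.lu", "www.dnssec.lu"]
CHAIN = sorted(nsec3_hash(n, SALT, ITERATIONS) for n in ZONE_NAMES)

if __name__ == "__main__":
    print(wildcard_nodata_proof("nosuch.dnssec.lu", CHAIN, SALT, ITERATIONS))
```

In this proof the closest encloser and the wildcard each get a matching NSEC3, while the next closer name gets a covering one.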


