expected covering NSEC3, got an exact match
Chris Thompson
cet1 at cam.ac.uk
Thu Sep 22 21:57:17 UTC 2011
There was some correspondence last year about this warning message, but
this seems to be caused by something new.
Since 2011-09-02 we have been seeing messages like this
Sep 22 16:38:52 authdns1.csx.cam.ac.uk named[646]: dnssec: warning:
client 149.20.58.131#52557: expected covering NSEC3, got an exact match
on both our main authoritative-only (recursion no) nameservers. Our own
zones don't use NSEC3, but we do officially slave two that do (srcf.net
and srcf.ucam.org) so I have been assuming that they are responsible in
some way. But we didn't change anything in the server configuration at
the time the messages started, and the zone administrator (hi, Malcolm!)
says the same about the contents of the two zones.
We were running BIND 9.7.4 at that stage, but upgrading to 9.8.1 hasn't
caused the messages to go away, as I had rather hoped.
Has anyone any clues about this one? Or observed anything similar?
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list