[DNSSEC] Dealing with an inconsistent NSEC
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Oct 23 13:36:04 UTC 2012
On Tue, Oct 23, 2012 at 06:27:12AM -0700,
Casey Deccio <casey at deccio.net> wrote
a message of 88 lines which said:
> The issue here is that no delegation NS records exist for
> v1.pcextreme.nlin its parent zone, pcextreme.nl. Thus when any
> server (authoritative for both zones) is queried for
> v1.pcextreme.nl/DS, NXDOMAIN is returned because there are no
> records by that name in the parent (no DS or NS).
But it should reply NOERROR,DATA=0, no NXDOMAIN. Indeed,
pcextreme.nl's name servers reply NXDOMAIN for DS queries but not for
other QTYPES.
So, no bug in BIND and Unbound, only in the zone?
More information about the bind-users
mailing list