nsec3 opt-out confusion (bug report)
Chris Thompson
cet1 at cam.ac.uk
Tue Apr 1 15:09:05 UTC 2014
On Apr 1 2014, Klaus Darilion wrote:
[...]
>Nevertheless, it seems there are still two bugs:
>1. The NSEC3 chain is not properly cleared when switching from
>non-opt-out to opt-out
>2. The NSEC3PARAM record always has the opt-out flag clear, even if
>opt-out is activated.
That last, at least, is not a bug. It is mandated by RFC 5155 - see
section 4.1.2.
This was really nic.at (and not example.com), wasn't it? Your domain
obfustication was half-hearted! I tried looking at it, but things
were changing too fast for me to get consistent results...
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list