DNS format error
Mukund Sivaraman
muks at isc.org
Wed Jul 29 13:22:55 UTC 2015
Hi Tony, Yang
On Tue, Jul 28, 2015 at 10:41:49PM +0100, Tony Finch wrote:
> However the weirdness in the NSEC3 record is not what is upsetting BIND,
> and it might be a bug. A noerror response with just NSEC3 and RRSIG(NSEC3)
> in the authority section should (I think) be treated as a type 3 nodata
> response (see RFC 2308). However BIND requires type 3 nodata responses to
> have completely empty authority sections. BIND will only recognise type 1
> or type 2 nodata responses (with SOA records in the authority section)
> from signed zones.
Mark pointed out on our internal bug ticket that RFC 2308 section 3
requires "no data" replies from signed zones to have an SOA RR in the
authority section.
Mukund
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150729/4ed3521c/attachment.bin>
More information about the bind-users
mailing list