In message <[email protected]>, Evan Hunt writes: > > BIND <=9.5 doesn't know that it's supposed to pass them in a NXDOMAIN > > response. > > Correct, and whoops. We should have backported at least that much > knowledge of NSEC3.
Not really. You need a NSEC3 aware path between the validator and the authoritative servers to use NSEC3. This is no different to needing a DNSSEC aware path between the validator and the authoritative server for DNSSEC. Some things just don't work through old servers. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
