On 02/13/2011 11:35 AM, Stephane Bortzmeyer wrote:
On Sun, Feb 13, 2011 at 10:51:30AM +0000,
Phil Mayers<p.may...@imperial.ac.uk> wrote
a message of 31 lines which said:
This is documented in the Bind ARM
OK, thanks, I missed this section.
i.e. the *presence* of the record is normal.
I'm not convinced (and the ARM is far from clear about it).
Well, you're correct that they are absent "most" of the time.
OTOH I have a zone (NSEC not NSEC3) which is managed by dynamic updates
currently has a TYPE65534 at the apex, and the NSEC record names the
TYPE65534 and it's RRSIG is valid - try:
dig +dnssec bar.ic.ac.uk
(assuming the TYPE65534 doesn't vanish... in the meantime)
IOW, it sounds like a bug in the code for NSEC3, because I think it
works for NSEC.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users