On Mon, Jan 20, 2014 at 12:46 PM, Graham Clinch <g.cli...@lancaster.ac.uk>wrote:
> Thanks for the replies - and noticing the missing 'NS'! > > From my rather brain-busting afternoon reading, I believe this situation > is covered by section 4.4 of RFC 6840, which requires a validator to ensure > the NS type bit is set for an insecure delegation's NSEC(3) (or that it's > covered by opt-out, but as Chris pointed out, that doesn't seem to be the > case here). > I've left feedback for the dnsviz maintainer in the hopes that this case > can be picked up in future. > Should be fixed now. Not sure why I hadn't implemented that check before, but I have now. Casey
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
