In message <alpine.bsf.2.00.1301100106560.55...@joyce.lan>, "John R. Levine" wr ites: > >> One is a stunt rDNS server that synthesizes the records on demand. > >> (Bonus points for doing DNSSEC, too. Double bonus points for doing > >> NSEC3.) > > > > NSEC3 is a waste of time in ip6.arpa or any similarly structured > > zone so -1000000 for doing NEC3 and effectively doing a DoS attack > > against yourself and the client resolvers. > > I know, but figuring out on the fly what order the hashes are would > be quite a coding feat.
subtract labels until you have one which fits the namespace pattern. that is the closest encloser <ce>. hash that name for the closest encloser. hash <label>.<ce> add/subtact one for the second half of the noqname proof. hash *.<ce> add/subtact one for the no wildcard proof. > R's, > John -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org