Thanks. Indeed I was stupid: wrong base32 encoding
--
Nicholas Weaver                  it is a tale, told by an idiot,
nwea...@icsi.berkeley.edu                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/
Hi Nicholas
On Wed, Feb 12, 2014 at 07:35:47AM -0800, Nicholas Weaver wrote:
> Looking at com, the NSEC3 for "com" is:
> CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - ...
>
> (Algorithm 1 -> SHA-1, flag = 1, iterations = 0, salt = None, fetched by "dig
> +dnssec MX com @a.gtld-ser
It might be because NSEC3 uses base32 with extended hex alphabet.
Looks like you're using plain base32.
See http://tools.ietf.org/html/rfc4648#section-7
--Shumon.
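
The alphabet mismatch diagnosed in this reply, as an added example that is not code from either poster: it computes the RFC 5155 NSEC3 hash (SHA-1 over the wire-format name plus salt) and encodes the same digest with both RFC 4648 alphabets. All function and constant names are assumptions made for illustration; the only value taken from the thread is the quoted owner label for "com".

```python
import base64
import hashlib

# RFC 4648 alphabets: section 6 (plain base32) and section 7 (extended hex).
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
B32HEX = "0123456789ABCDEFGHIJKLMNOPQRSTUV"

# Owner label quoted in the thread for "com" (SHA-1, 0 iterations, no salt).
PAGE_LABEL = "CK0POJMG874LJREF7EFN8430QVIT8BSM"

def wire_name(name: str) -> bytes:
    """Canonical DNS wire format: lowercased, length-prefixed labels, root byte."""
    out = b""
    for label in filter(None, name.rstrip(".").split(".")):
        raw = label.lower().encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def nsec3_digest(name: str, salt_hex: str = "-", iterations: int = 0) -> bytes:
    """RFC 5155 hash: SHA-1(name || salt), re-hashed with the salt per iteration."""
    salt = b"" if salt_hex in ("", "-") else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return digest

def b32hex_encode(data: bytes) -> str:
    """Base32 with the extended hex alphabet, which NSEC3 owner labels use."""
    plain = base64.b32encode(data).decode("ascii")
    return plain.translate(str.maketrans(B32, B32HEX))

def b32hex_decode(label: str) -> bytes:
    """Inverse of b32hex_encode; accepts lower- or upper-case labels."""
    return base64.b32decode(label.upper().translate(str.maketrans(B32HEX, B32)))

def nsec3_label(name: str, salt_hex: str = "-", iterations: int = 0) -> str:
    return b32hex_encode(nsec3_digest(name, salt_hex, iterations))

def plain_base32_label(name: str, salt_hex: str = "-", iterations: int = 0) -> str:
    """The mistake from the thread: same digest, wrong alphabet."""
    return base64.b32encode(nsec3_digest(name, salt_hex, iterations)).decode("ascii")
```

A quick check when a computed label does not match a zone's NSEC3 owner name: a label containing `0`, `1`, `8` or `9` cannot be plain base32, since those digits exist only in the extended hex alphabet.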
On Wed, Feb 12, 2014 at 07:35:47AM -0800, Nicholas Weaver wrote:
> I'm trying to do my own implementation of NSEC3 as part of my dyna
I'm trying to do my own implementation of NSEC3 as part of my dynamic DNSSEC
server (in order to do NSEC3 lies for NXDOMAIN, since you can't do such a lie
with NSEC, NSEC lies only allow "0 answer noerror" which is unfortunately NOT
the same)
But I appear to be doing something stupid, and am no