[dns-operations] signing a zone with NSEC3 records.

David Conrad drc at virtualized.org
Fri Sep 11 16:49:45 UTC 2009

Previous message (by thread): [dns-operations] signing a zone with NSEC3 records.
Next message (by thread): [dns-operations] signing a zone with NSEC3 records.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sep 11, 2009, at 12:04 AM, Florian Weimer wrote:
>> % dig +dnssec any abc.org @B0.ORG.AFILIAS-NST.org.
>
> The relevant case is DO=0.  Then the NSEC3 records aren't included
> because their owner name doesn't match.

Only 30% of the queries reaching the root have DO=0 (and by  
implication any authority) at this point in time.

Regards,
-drc

Previous message (by thread): [dns-operations] signing a zone with NSEC3 records.
Next message (by thread): [dns-operations] signing a zone with NSEC3 records.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dns-operations mailing list