[dns-operations] signing a zone with NSEC3 records.

David Conrad drc at virtualized.org
Fri Sep 11 16:49:45 UTC 2009

On Sep 11, 2009, at 12:04 AM, Florian Weimer wrote:
>> % dig +dnssec any abc.org @B0.ORG.AFILIAS-NST.org.
> The relevant case is DO=0.  Then the NSEC3 records aren't included
> because their owner name doesn't match.

Only 30% of the queries reaching the root have DO=0 (and by  
implication any authority) at this point in time.


More information about the dns-operations mailing list