[dns-operations] BIND omitting CNAME wildcard NSEC when cd=1 ?

Geoffrey Sisson geoff at dns-oarc.net
Wed Apr 27 12:49:34 UTC 2011

"George Barwood" <george.barwood at blueyonder.co.uk> wrote:

> Is the BIND ODVR configured to use forwarders? I guess not, but if so
> that could be relevant.

It doesn't use forwarders.  There was a stub zone that used forwarders
for the .de DNSSEC testbed, like this:


But it's now been replaced by the new (in 9.8.0) static-stub zone:


I briefly commented out this zone to see whether it made any difference
wrt the wildcard NSEC RR for *.cw.test.itec-usa.com, and it didn't.


More information about the dns-operations mailing list