[dns-operations] BIND omitting CNAME wildcard NSEC when cd=1 ?
Geoffrey Sisson
geoff at dns-oarc.net
Wed Apr 27 12:49:34 UTC 2011
"George Barwood" <george.barwood at blueyonder.co.uk> wrote:
> Is the BIND ODVR configured to use forwarders? I guess not, but if so
> that could be relevant.
It doesn't use forwarders. There was a stub zone that used forwarders
for the .de DNSSEC testbed, like this:
http://www.denic.de/fileadmin/public/events/DNSSEC_testbed/dnssec-testbed-muster-bind.txt
But it's now been replaced by the new (in 9.8.0) static-stub zone:
http://www.denic.de/fileadmin/public/events/DNSSEC_testbed/dnssec-testbed-muster-bind98.txt
I briefly commented out this zone to see whether it made any difference
wrt the wildcard NSEC RR for *.cw.test.itec-usa.com, and it didn't.
Geoff
More information about the dns-operations
mailing list