[dns-operations] BIND omitting CNAME wildcard NSEC when cd=1 ?
Keith Mitchell
keith at isc.org
Thu Apr 28 19:08:33 UTC 2011
Just to confirm that we have been looking into this as a potential BIND
bug and will report back when we have more information. Thanks George
and Geoff for bringing this to ISC's attention.
Keith
Geoffrey Sisson wrote:
> "George Barwood" <george.barwood at blueyonder.co.uk> wrote:
>
>> Is the BIND ODVR configured to use forwarders? I guess not, but if so
>> that could be relevant.
>
> It doesn't use forwarders. There was a stub zone that used forwarders
> for the .de DNSSEC testbed, like this:
>
> http://www.denic.de/fileadmin/public/events/DNSSEC_testbed/dnssec-testbed-muster-bind.txt
>
> But it's now been replaced by the new (in 9.8.0) static-stub zone:
>
> http://www.denic.de/fileadmin/public/events/DNSSEC_testbed/dnssec-testbed-muster-bind98.txt
>
> I briefly commented out this zone to see whether it made any difference
> wrt the wildcard NSEC RR for *.cw.test.itec-usa.com, and it didn't.
>
> Geoff
More information about the dns-operations
mailing list