[dns-operations] BIND omitting CNAME wildcard NSEC when cd=1 ?

Keith Mitchell keith at isc.org
Thu Apr 28 19:08:33 UTC 2011

Just to confirm that we have been looking into this as a potential BIND
bug and will report back when we have more information. Thanks George
and Geoff for bringing this to ISC's attention.


Geoffrey Sisson wrote:
> "George Barwood" <george.barwood at blueyonder.co.uk> wrote:
>> Is the BIND ODVR configured to use forwarders? I guess not, but if so
>> that could be relevant.
> It doesn't use forwarders.  There was a stub zone that used forwarders
> for the .de DNSSEC testbed, like this:
>     http://www.denic.de/fileadmin/public/events/DNSSEC_testbed/dnssec-testbed-muster-bind.txt
> But it's now been replaced by the new (in 9.8.0) static-stub zone:
>     http://www.denic.de/fileadmin/public/events/DNSSEC_testbed/dnssec-testbed-muster-bind98.txt
> I briefly commented out this zone to see whether it made any difference
> wrt the wildcard NSEC RR for *.cw.test.itec-usa.com, and it didn't.
> Geoff

More information about the dns-operations mailing list