[dns-operations] It's begun...
cet1 at cam.ac.uk
Thu Oct 24 14:39:10 UTC 2013
On Oct 24 2013, I wrote:
>Part of the problem is that only one NSEC3 record is returned - the
>one covering the zone apex, which doesn't necessarily cover the
>name queried for. But validation seems to fail even in cases when
>the name is so covered.
Ah - Mark Andrews' post points out why that is. "*.xn--80asehdb"
(for example) isn't covered by the sole NSEC3 returned, even if
the queried name is.
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk Roger Needham Building, 7 JJ Thomson Avenue,
Phone: +44 1223 334715 Cambridge CB3 0RB, United Kingdom.
More information about the dns-operations