[dns-operations] nsec3param rdata differs from nsec3 rdata
王楠
wangnan at cnnic.cn
Wed Sep 25 02:35:51 UTC 2013
Hi to all,
Perhaps a silly question.
As described in RFC5155, the RDATA for NSEC3PARAM mirrors the first four
fields in the NSEC3 RR.
I've look up the nsec3param of com.:
; <<>> DiG 9.8.0 <<>> @8.8.8.8 com nsec3param
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58060
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;com. IN NSEC3PARAM
;; ANSWER SECTION:
com. 21600 IN NSEC3PARAM 1 0 0 -
Its flags is 0.
Then I look up a non-existent domain with dnssec:
; <<>> DiG 9.8.0 <<>> @8.8.8.8 kjsadjasoiudasoiudsa.com. a +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31699
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;kjsadjasoiudasoiudsa.com. IN A
;; AUTHORITY SECTION:
com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1380076365
1800 900 604800 86400
com. 900 IN RRSIG SOA 8 1 900 20131002023245 20130925012245 8795 com.
dzXDVF1gsUVzYk7KdMOwqO5yJReBb8jaymYPaj5ZLsvOv7kHEuzMY7qv
dUxXjAA+qqm9lImXfWIu90U2dK6XTIumnZhLhzgfYYP2pQ5r+pZMPb1r
peWjscHmxSaE/7iOBykI/AROcaNNxEZfsgQHZUInOvofC+f9FV99KivK 7Ig=
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 21600 IN NSEC3 1 1 0 -
CK0RFQAOES8CTVNVNH4G6Q85NOQAQ8I9 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 21600 IN RRSIG NSEC3 8 2 86400
20131001044158 20130924033158 8795 com.
c+W4fkLqnTtu6XL7Bicwsm9YL0xrAfiO6JIhWqDVaxUAtwLFVcHUIgAE
28lwK0cKBoH2l4kUQ1br4f1+0UKrENaIEyYNckVcriJoIgTkJVvOzEDZ
UQuTXt1kEIG185puDKsO/tJKEChZUbflVm1uvmXQbvbFJvifF2RZ1ueV UW4=
PCD87LHN4A34E9JB9656PD359AT67C4B.com. 21600 IN NSEC3 1 1 0 -
PCDIRKJF2VGC5MP5DCTMBAAB53F3MRVP NS DS RRSIG
PCD87LHN4A34E9JB9656PD359AT67C4B.com. 21600 IN RRSIG NSEC3 8 2 86400
20131001060008 20130924045008 8795 com.
OfTJRPiB200QnS0otRCE2M5YN9subWIwemVJ0w28fV5exxJJdVatU1po
ZWnQ1/qTioun+oj2oiqGvV5VgLKBqMTyyK0JtybNTrCMqBKUsCTIGx/h
JXb3gukiFzdBW4FWFREWXQmXsBcUa4CfGPFIJQHRbaeBhkFtEQ+77gA8 moI=
3RL20VCNK6KV8OT9TDIJPI0JU1SS6ONS.com. 21600 IN NSEC3 1 1 0 -
3RL6P2SC3PCQ1OCQBP3075NNJVOSMU0I NS DS RRSIG
3RL20VCNK6KV8OT9TDIJPI0JU1SS6ONS.com. 21600 IN RRSIG NSEC3 8 2 86400
20130928042044 20130921031044 8795 com.
p9pSXNoMwYs56eCywWKKZnvex/lmjMniRaFsfQhPhdpzdC/9YGg2fkJl
wFGrv2LcCnfpRWAFVRlVv+rTZ+CW+3/6j3xHYZi0fJ3Ex7nQifHCnzqz
ZoIgzwc+c2TSvZMw1F0tdJYPGm63zn8vxn6ZWwJLnSI2T27gkEUTlOX4 ZGE=
Notice that the flags of nsec3 is 1.
Someone could explain me why these 2 flags are different??
Thank you in advance.
--
王楠
软件部 技术研发中心
----------------------------------------
==专业•责任•服务==
中国互联网络信息中心 CNNIC
电 话:(8610)-58813129
网 址: www.cnnic.cn
中国互联网络信息中心.中国
地 址:北京市海淀区中关村南4街4号
北京349信箱6分箱(100080)
----------------------------------------
More information about the dns-operations
mailing list