[dns-operations] Validating or not validating (ICANN controlled interruption)
Mark Andrews
marka at isc.org
Thu Sep 4 04:04:27 UTC 2014
In message <20140903233811.5EF131E52766 at rock.dv.isc.org>, Mark Andrews writes:
>
> In message <00173023-C534-466E-AB53-A04EEA577463 at nic.br>, Rubens Kuhl writes:
> >
> > What I can tell you is that registries and applicants suggested ICANN to
> > not require DNSSEC-signign of wildcard controlled interruption due to
> > likely differences in resolver behaviour, including some known bugs.
> >
> > Rubens
>
> OPTOUT + wildcard really doesn't make sense. If you are going to
> sign a zone with a wildcard record just don't set optout.
>
> That said I've opened a ticket to fix the validator.
3942. [bug] Wildcard responses from a optout range should be
marked as insecure. [RT #37072]
and will be in BIND 9.8.8, BIND 9.9.6, BIND 9.9.6(sub), BIND 9.10.1,
and BIND 9.11.0.
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list