[dns-operations] DS-side NSEC query
Mark Andrews
marka at isc.org
Fri Jul 29 15:09:10 UTC 2016
In message <20160729144036.GZ21165 at x28.adm.denic.de>, Peter Koch writes:
> On Sat, Jul 30, 2016 at 12:22:40AM +1000, Mark Andrews wrote:
> >
> > There are no rules for what is the "correct" answer. Additionally it is
> > pretty pointless to query for NSEC records.
>
> algorithm 4.3.2 in RFC 1034 would suggest that authoritative data
> takes precedence over a delegation. Hindsight, admittedly.
Both sides of the cut are authoritative for NSEC. NSEC is not like
other records.
foo. 86400 IN NSEC foodnetwork. NS DS RRSIG NSEC
foo. 300 IN NSEC aerialproject.foo. NS SOA RRSIG NSEC DNSKEY
Mark
> -Peter
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list