[dns-operations] Forged Delegation Injection into Empty Non-Terminal with NSEC3
marka at isc.org
Wed Jan 17 07:13:39 UTC 2018
Also from RFC 5155
Each empty non-terminal MUST have a corresponding NSEC3 RR, unless
the empty non-terminal is only derived from an insecure delegation
covered by an Opt-Out NSEC3 RR.
The example ENTs presented are part of the unless.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations