[dns-operations] Looking for zones using white lies (RFC 4470)

Shumon Huque shuque at gmail.com
Sat Jan 28 02:49:58 UTC 2023


On Fri, Jan 27, 2023 at 11:16 AM Paul Ebersman <
list-dns-operations at dragon.net> wrote:

> shuque> UltraDNS (Neustar Security Services) is known to use NSEC White
> shuque> Lies. I have a test zone there,
>
> shuque> which you can examine: "[[ultratest.huque.com]]".
>
> My recollection is that the NSS implementation is really grey lies,
> i.e. not quite RFC white lies but not fully black like cloudflare.
>

Paul - what's the definition of "grey lies"?

The UltraDNS implementation doesn't use the more precise white lies
epsilon function defined in the spec, but it is probably good enough for
all practical purposes.

And it's much closer to white lies than "black" lies, because it preserves
the correct semantics of NXDOMAIN.

Shumon.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20230127/cc2a21d3/attachment.html>


More information about the dns-operations mailing list