So far - no SHA-2 records. Only DS records with SHA-1. I'll add DS records with SHA-2 and try again... So the "error" of the mismatched must be in the SHA-2 DS records? And *not* in the SHA-1's? Or in both?
Kind regards,

Marc

-----Original Message-----
From: 'Stephane Bortzmeyer' [mailto:bortzme...@nic.fr]
Sent: 09 May 2011 01:46 PM
To: Marc Lampo
Cc: bind-users@lists.isc.org
Subject: Re: [DNSSEC] Resolver behavior with broken DS records

On Mon, May 09, 2011 at 01:00:03PM +0200, Marc Lampo <marc.la...@eurid.eu> wrote a message of 47 lines which said:

> 1 correct DS record,
> 1 DS record, correct in everything but the algorithm

And one DS record hashed with SHA-1 and one hashed with SHA-2? This was necessary to trigger the problem, because of RFC 4509, section 3 (SHA-1 records are ignored if SHA-2 ones are present).

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
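
The RFC 4509 section 3 rule cited in the thread, modelled as an added example (not part of the original posts and not BIND's code). It assumes the SHA-1 filter applies across the whole DS RRset; the zone name `example.test.` and the key bytes are constructed sample data.

```python
import hashlib
import struct
from collections import namedtuple

DS = namedtuple("DS", "key_tag algorithm digest_type digest")
SHA1, SHA256 = 1, 2  # DS digest type numbers
HASHES = {SHA1: hashlib.sha1, SHA256: hashlib.sha256}

def wire_name(name):
    """Canonical (lowercase) wire form of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag as defined in RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata, digest_type):
    # DS digest = hash(owner name in wire form | DNSKEY RDATA)
    digest = HASHES[digest_type](wire_name(owner) + rdata).digest()
    return DS(key_tag(rdata), rdata[3], digest_type, digest)

def usable_ds(ds_rrset):
    """RFC 4509 section 3: ignore SHA-1 DS RRs if SHA-256 ones are present."""
    if any(ds.digest_type == SHA256 for ds in ds_rrset):
        return [ds for ds in ds_rrset if ds.digest_type != SHA1]
    return list(ds_rrset)

def ds_matches(owner, rdata, ds):
    return (ds.digest_type in HASHES
            and ds.key_tag == key_tag(rdata)
            and ds.algorithm == rdata[3]
            and ds.digest == make_ds(owner, rdata, ds.digest_type).digest)

def chain_ok(owner, rdata, ds_rrset):
    """True if any DS that survives the filter matches the DNSKEY."""
    return any(ds_matches(owner, rdata, ds) for ds in usable_ds(ds_rrset))

# Constructed sample data: a made-up KSK (flags 257, algorithm 8).
OWNER = "example.test."
KSK = dnskey_rdata(257, 3, 8, bytes(range(64)))
GOOD_SHA1 = make_ds(OWNER, KSK, SHA1)
GOOD_SHA256 = make_ds(OWNER, KSK, SHA256)
BAD_ALG_SHA256 = GOOD_SHA256._replace(algorithm=5)  # wrong algorithm field only
```

With only `GOOD_SHA1` in the set the chain validates; adding `BAD_ALG_SHA256` removes the SHA-1 record from consideration, so nothing that remains matches the key.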