On 1/31/19 4:57 PM, Mark Andrews wrote:
> Given type 1 is a SHA-1 fingerprint it isn't legal. Named just
> hasn't added type to length to the parsing code.
>
> No real SSHFP will be 1 octet long.
While I agree that it's junk, the RFC doesn't give the DNS software the ability to make that decision from my reading. There is nothing in the RFC about validating the correctness of the data:

--
The RDATA of the presentation format of the SSHFP resource record consists of two numbers (algorithm and fingerprint type) followed by the fingerprint itself, presented in hex, e.g.:

host.example. SSHFP 2 1 123456789abcdef67890123456789abcdef67890
--

AlanC

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
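The disagreement above is between the presentation-format grammar (two numbers and a hex string, with no stated length) and the semantics of the fingerprint type (type 1 is SHA-1, so a real fingerprint is 20 octets). The following is an added example, written for this discussion and not code from BIND or from either poster, that separates the two: it parses the presentation format exactly as the quoted text describes and then reports, rather than rejects, a fingerprint whose length does not match its type. The type-to-length table (1 = SHA-1, 20 octets; 2 = SHA-256, 32 octets) comes from RFC 4255 and RFC 6594; the sample records other than the RFC's own `host.example.` line are constructed for the example.

```python
import re

# Fingerprint type -> expected digest length in octets.
# Type 1 (SHA-1) is defined in RFC 4255, type 2 (SHA-256) in RFC 6594.
FP_TYPE_LENGTHS = {1: 20, 2: 32}

# Owner, optional TTL, optional class, "SSHFP", algorithm, fp type, hex.
# Whitespace inside the hex string is tolerated and stripped below.
_SSHFP_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:(?P<ttl>\d+)\s+)?(?:IN\s+)?SSHFP\s+"
    r"(?P<alg>\d+)\s+(?P<fptype>\d+)\s+(?P<fp>[0-9A-Fa-f\s]+)$"
)


def parse_sshfp(line):
    """Parse one SSHFP record in presentation format.

    Syntax errors (not an SSHFP line, odd hex digit count) raise ValueError,
    which is all the RFC's presentation grammar itself demands.  Semantic
    problems, such as a fingerprint whose length does not fit its type, are
    collected in the returned 'problems' list so the caller can decide
    whether to warn, reject or load the record anyway.
    """
    m = _SSHFP_RE.match(line.strip())
    if not m:
        raise ValueError("not an SSHFP record: %r" % line)
    hexstr = re.sub(r"\s+", "", m.group("fp"))
    if len(hexstr) % 2:
        raise ValueError("odd number of hex digits in fingerprint")
    fingerprint = bytes.fromhex(hexstr)
    fptype = int(m.group("fptype"))

    problems = []
    expected = FP_TYPE_LENGTHS.get(fptype)
    if expected is None:
        problems.append("unknown fingerprint type %d" % fptype)
    elif len(fingerprint) != expected:
        problems.append(
            "fingerprint length %d does not match type %d (expected %d)"
            % (len(fingerprint), fptype, expected)
        )

    return {
        "owner": m.group("owner"),
        "algorithm": int(m.group("alg")),
        "fptype": fptype,
        "fingerprint": fingerprint,
        "problems": problems,
    }


def audit(lines):
    """Return (line, problems) for every record, for a zone-file style check."""
    return [(line, parse_sshfp(line)["problems"]) for line in lines]


# Constructed sample: the RFC's example line (valid 20-octet SHA-1 value),
# a 1-octet "fingerprint" of the kind the thread calls junk, and a
# correctly sized type-2 (SHA-256) record using a placeholder digest.
SAMPLE_RECORDS = [
    "host.example. SSHFP 2 1 123456789abcdef67890123456789abcdef67890",
    "host.example. SSHFP 1 1 ab",
    "host.example. IN SSHFP 4 2 " + "00" * 32,
]

if __name__ == "__main__":
    for line, problems in audit(SAMPLE_RECORDS):
        print("%-70s %s" % (line, problems or "ok"))
```

The point of keeping the length check out of the syntax check is the one the thread makes: the presentation grammar accepts `2 1 ab`, so a loader that wants to refuse it is enforcing the fingerprint-type semantics, not the RFC's text format, and should say so in its diagnostic.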