Re: NSEC3 ISSUE
On 01/07/11 14:25, rams wrote: I have trouble resolving the host name dnssecnsec3qatestdomain.com http://dnssecnsec3qatestdomain.com. which is NSEC3 signed. This is the parent and child zone. If I run dig ( dnssec query) with the +cd option I which is a proper response: What version of bind are you using? My wild guess is that it's not recent enough to recognize NSEC3 signatures. Bind 9.4.3 was not, and I got exactly the same symptoms. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Question on ADDITIONAL SECTION
In article mailman.1174.1293760404.555.bind-us...@lists.isc.org, p...@mail.nsbeta.info wrote: Because the 2nd response also included Authority Section, the additional data are the addresses of the authoritative servers. Thanks. But why the second has an AUTHORITY SECTION included? but the first doesn't? It's an option that the server implementors or operators can select. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users