I'm trying to do my own implementation of NSEC3 as part of my dynamic DNSSEC
server (in order to do NSEC3 lies for NXDOMAIN, since you can't do such a lie
with NSEC, NSEC lies only allow 0 answer noerror which is unfortunately NOT
the same)
But I appear to be doing something stupid, and am not
It might be because NSEC3 uses base32 with extended hex alphabet.
Looks like you're using plain base32.
See http://tools.ietf.org/html/rfc4648#section-7
--Shumon.
On Wed, Feb 12, 2014 at 07:35:47AM -0800, Nicholas Weaver wrote:
I'm trying to do my own implementation of NSEC3 as part of my
Hi Nicholas
On Wed, Feb 12, 2014 at 07:35:47AM -0800, Nicholas Weaver wrote:
Looking at com, the NSEC3 for com is:
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - ...
(Algorithm 1 - SHA-1, flag = 1, iterations = 0, salt = None, fetched by dig
+dnssec MX com
Thanks. Indeed I was stupid: wrong base32 encoding
--
Nicholas Weaver it is a tale, told by an idiot,
nwea...@icsi.berkeley.edufull of sound and fury,
510-666-2903 .signifying nothing
PGP: