Thanks. I obviously missed that part of the rfc.
-- Jack Tavares ________________________________________ From: Chris Thompson [c...@hermes.cam.ac.uk] On Behalf Of Chris Thompson [c...@cam.ac.uk] Sent: Wednesday, June 24, 2009 18:44 To: Jack Tavares Cc: Bind Users Mailing List Subject: RE: can't query for RRSIG that references NSEC3 On Jun 24 2009, Jack Tavares wrote: >a correction: > >my dig command is > >dig @127.0.0.1 -t RRSIG 4PPH7Q8R02M0AD8MLJPS0UEH2AB9KFJL.test.net > >and I still get NXDOMAIN NSEC3 records (and their associated RRSIG records) are, in a sense, not properly part of the zone. RFC 5155 section 7,2,8 "Responding to Queries for NSEC3 Owner Names" mandates the response you are seeing. -- Chris Thompson Email: c...@cam.ac.uk _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
