Hello, I have a signed zone (dnssec.lu) with NSEC3 / no optout, signed through OpenDNSSEC. The zone contains a wildcard with a TXT and A record.
Each time the server is queried for something where the QNAME is matched by the wildcard, but the QTYPE is not, named logs a warning: "expected covering NSEC3, got an exact match". This behaviour exists only if a wildcard is present in the zone. The zone doesn't contain any stale or unnecessary NSEC3 records. Is there an explanation for the warning? Apart from complaining, bind seems to do everything correctly. (Bind 9.7.1 P1) best, Gilles -- Fondation RESTENA - DNS-LU 6, rue Coudenhove-Kalergi L-1359 Luxembourg tel: (+352) 424409 fax: (+352) 422473 _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
