Hi Tony, Yang

On Tue, Jul 28, 2015 at 10:41:49PM +0100, Tony Finch wrote:
> However the weirdness in the NSEC3 record is not what is upsetting BIND,
> and it might be a bug. A noerror response with just NSEC3 and RRSIG(NSEC3)
> in the authority section should (I think) be treated as a type 3 nodata
> response (see RFC 2308). However BIND requires type 3 nodata responses to
> have completely empty authority sections. BIND will only recognise type 1
> or type 2 nodata responses (with SOA records in the authority section)
> from signed zones.

Mark pointed out on our internal bug ticket that RFC 2308 section 3
requires "no data" replies from signed zones to have an SOA RR in the
authority section.

                Mukund

Attachment: pgpGbmLx5vWnF.pgp
Description: PGP signature

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to