* Stephane Bortzmeyer [2015-04-22 16:16]:
> On Wed, Apr 22, 2015 at 03:12:24PM +0200,
>  Stephane Bortzmeyer <bortzme...@nic.fr> wrote 
>  a message of 30 lines which said:
> 
>> IMHO, all the name servers should reply NXDOMAIN, no?
> 
> Or could it be a "minimum response", intended to prevent zone
> enumeration?

It's not minimal, the hash range is very large (wraparound record from
D9D... to VVV... and 000... to 4DL...), covering the hashes of the query
name, wildcard name and closest encloser.

> d9dhvu2eiln97dgi23tkh43hq2uvh7uq.adult. 829 IN NSEC3 1 1 1 D399EAAB 
> 4DLOEEUR1VQ4LQ6N7QUS62O2MAIUPGRM NS SOA RRSIG DNSKEY NSEC3PARAM

I'd expect NXDOMAIN, too. Apart from an unusual rcode, the response
looks valid. Does this qualify as a protocol violation?

Regards,
Matt
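
The wraparound coverage check discussed in this message, as an added example that is not part of the original post or of any resolver's code: it hashes names per RFC 5155 and tests them against the NSEC3 record quoted above. The query name `nonexistent-example.adult` is constructed, and the closest encloser is assumed to be the zone apex `adult`.

```python
import base64
import hashlib

# Map the RFC 4648 base32 alphabet onto base32hex, which NSEC3 owner names use.
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

# Values from the NSEC3 record quoted in the message (hash alg 1, iterations 1).
OWNER = "D9DHVU2EILN97DGI23TKH43HQ2UVH7UQ"
NEXT = "4DLOEEUR1VQ4LQ6N7QUS62O2MAIUPGRM"
SALT, ITERATIONS = "D399EAAB", 1

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 section 5 hash (SHA-1) of a name, returned as base32hex."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):  # the iterations field counts additional rounds
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).decode("ascii")

def covers(owner_hash, next_hash, h):
    """True if hash h lies strictly inside the span owner_hash .. next_hash."""
    owner, nxt, h = owner_hash.upper(), next_hash.upper(), h.upper()
    if owner < nxt:  # ordinary record in the middle of the chain
        return owner < h < nxt
    # Last record of the chain: the span wraps past VVV... back to 000...
    return h > owner or h < nxt

def denial_report(qname, zone):
    """Check the three names a name-error proof has to account for.

    Assumes the closest encloser is the zone apex and qname is one label
    below it, so qname is also the next closer name.
    """
    def h(name):
        return nsec3_hash(name, SALT, ITERATIONS)
    return {
        "closest_encloser_matches": h(zone) == OWNER,
        "qname_covered": covers(OWNER, NEXT, h(qname)),
        "wildcard_covered": covers(OWNER, NEXT, h("*." + zone)),
    }

if __name__ == "__main__":
    # Constructed query name; the original query is not shown in the message.
    print(denial_report("nonexistent-example.adult", "adult"))
```
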


_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations