On Mon, Aug 7, 2023 at 9:20 PM Mark Andrews <ma...@isc.org> wrote: > > You can’t query for NSEC3 records. NSEC3 names do not prevent wildcard > matches nor are NSEC3 records or their RRSIGs returned for * queries at the > hashed name. They are pure metadata. NSEC3 records and their RRSIGs exist > in their own namespace. >
I'm well aware. My comment was specifically related to the constraint that NSEC records cannot be the sole record type owned by a domain name. That constraint was in 4035 though, and perhaps cannot even be extrapolated to NSEC3. Shumon.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
