Re: [DNSOP] Empty Non-Terminal vs NXDOMAIN in draft-ietf-dnsop-nsec-aggressiveuse

2016-10-18 Thread Warren Kumari
On Mon, Oct 10, 2016 at 6:15 PM, Mark Andrews wrote: > > In message <0be787cd-3877-48c0-8bf9-3e15f605d...@dnss.ec>, Roy Arends writes: >> On 10 Oct 2016, at 21:39, Mark Andrews wrote: >> > >> > >> > In message , Roy Arends writes: >> >> Having read the draft >> >> >> >> How does one

Re: [DNSOP] Empty Non-Terminal vs NXDOMAIN in draft-ietf-dnsop-nsec-aggressiveuse

2016-10-10 Thread Mark Andrews
In message <0be787cd-3877-48c0-8bf9-3e15f605d...@dnss.ec>, Roy Arends writes: > On 10 Oct 2016, at 21:39, Mark Andrews wrote: > > > > > > In message , Roy Arends writes: > >> Having read the draft > >> > >> How does one distinguish an Empty Non-Terminal NODATA response from an > >> NX

Re: [DNSOP] Empty Non-Terminal vs NXDOMAIN in draft-ietf-dnsop-nsec-aggressiveuse

2016-10-10 Thread Roy Arends
On 10 Oct 2016, at 21:39, Mark Andrews wrote: > > > In message , Roy Arends writes: >> Having read the draft >> >> How does one distinguish an Empty Non-Terminal NODATA response from an >> NXDOMAIN response, solely by looking at the NSEC or NSEC3 records. > > NSEC: Find the NSEC record that pr

Re: [DNSOP] Empty Non-Terminal vs NXDOMAIN in draft-ietf-dnsop-nsec-aggressiveuse

2016-10-10 Thread Mark Andrews
In message , Roy Arends writes: > Having read the draft > > How does one distinguish an Empty Non-Terminal NODATA response from an > NXDOMAIN response, solely by looking at the NSEC or NSEC3 records. NSEC: Find the NSEC record that proves that there are no records at the given name (note all of t

[DNSOP] Empty Non-Terminal vs NXDOMAIN in draft-ietf-dnsop-nsec-aggressiveuse

2016-10-10 Thread Roy Arends
Having read the draft… How does one distinguish an Empty Non-Terminal NODATA response from an NXDOMAIN response, solely by looking at the NSEC or NSEC3 records. There is an attack vector where an RCODE0 can be replaced by RCODE3 while keeping the rest of the response completely intact, causing