NSEC3 without a corresponding record (or empty non-terminal) #21

Closed
tobez opened this issue Aug 10, 2012 · 0 comments

tobez commented Aug 10, 2012

Daniel Stirnimann writes:

I have a question regarding the DNSSEC check "NSEC3 without a
corresponding record (or empty non-terminal)".

My sample zone example.com looks as follows:

$TTL    1d
$INCLUDE Kexample.com.+008+18169.key
$INCLUDE Kexample.com.+008+57699.key
@       IN      SOA     ns.example.com. hostmaster.example.com. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

        IN      NS      ns1.example.net.
1.1.1.1.1.1.1.1.1.1.33  IN      NS      ns1.example.net.

I sign the zone with the following command:
dnssec-signzone -t -3 94CD -H 1 example.com

validns (v0.4) gives me ten validation errors for the above mentioned
"empty non-terminal" check.

Why is this considered an error? Empty non-terminals have NSEC3 records.
So where is the problem?

@tobez tobez closed this as completed in 654dba8 Aug 14, 2012
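As an added illustration (not validns code and not part of the original report), the sketch below enumerates the empty non-terminals implied by the zone above and computes the NSEC3 owner hashes defined in RFC 5155 for the salt `94CD` and one additional iteration, which is the set of hashed names a checker has to accept besides the names that own records. The function names are hypothetical, and it assumes SHA-1 (NSEC3 hash algorithm 1) and no opt-out, since the signing command shown does not pass `-A`.

```python
import base64
import hashlib

# Standard base32 alphabet -> base32hex (RFC 4648), used for NSEC3 owner labels.
_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                          b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name):
    """Canonical (lowercase) DNS wire format of a domain name."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 section 5 hash (SHA-1) as a lowercase base32hex label."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):  # "iterations" counts the additional rounds
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32HEX).decode("ascii").lower()

def empty_non_terminals(apex, owners):
    """Names strictly between the apex and an owner name that own no records."""
    apex = apex.rstrip(".").lower()
    owned = {o.rstrip(".").lower() for o in owners} | {apex}
    ents = set()
    for owner in owned:
        labels = owner.split(".")
        for i in range(1, len(labels)):  # walk up one label at a time
            parent = ".".join(labels[i:])
            if parent == apex or not parent.endswith("." + apex):
                break
            if parent not in owned:
                ents.add(parent)
    return sorted(ents, key=lambda n: n.count("."))

def expected_nsec3_owners(apex, owners, salt_hex, iterations):
    """Map hashed NSEC3 owner label -> original name (assumes no opt-out)."""
    names = {o.rstrip(".").lower() for o in owners} | {apex.rstrip(".").lower()}
    names |= set(empty_non_terminals(apex, owners))
    return {nsec3_hash(n, salt_hex, iterations): n for n in names}

if __name__ == "__main__":
    # Owner names, salt and iteration count taken from the zone and command above.
    owners = ["example.com", "1.1.1.1.1.1.1.1.1.1.33.example.com"]
    hashed = expected_nsec3_owners("example.com", owners, "94CD", 1)
    for h, n in sorted(hashed.items()):
        print(f"{h}.example.com.  <-  {n}")
```

The eleven-label delegation name produces ten empty non-terminals, from `33.example.com` up to the name with nine `1` labels, which matches the ten errors reported.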