[Pdns-dev] PowerDNSSEC Progress: packages & production use
cmeerw at cmeerw.org
Wed Jan 12 08:49:39 CET 2011
On Tue, 11 Jan 2011 23:23:04 +0100, bert hubert wrote:
> On Tue, Jan 11, 2011 at 11:07:01PM +0100, Christof Meerwald wrote:
>> @ IN SOA ns.cmeerw.net. domain.cmeerw.net. (
>> 2010080601 ; Serial Number: YYYYYMMDDxx
>> 1h ; Refresh time
>> 900 ; Retry Time
>> 21d ; Expire Time
>> 1h ; Minimum TTL
>> IN NS ns.cmeerw.net.
>> IN NS ns2.cmeerw.net.
> This is actually a fascinating zone! It has only 1 name, which confuses the
> NSEC3 logic. I'm studying how to deal with this, probably by returning an
> NSEC3 with the same beginning and end, but it sure looks weird.
> To solve, add another record or move to NSEC3 narrow.
NSEC3 narrow appears to work, but just adding another record (e.g.
"test IN A 127.0.0.1") doesn't seem to fix it - it still crashes when
trying to query a non-existing record, e.g. x.cmeerw.priv.at.
http://cmeerw.org sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org xmpp:cmeerw at cmeerw.org
More information about the Pdns-dev