[Pdns-dev] CloudFlare NSEC black lies - any plans for support?

Peter van Dijk peter.van.dijk at powerdns.com
Thu Jul 21 12:08:16 UTC 2016


On 21 Jul 2016, at 13:20, bert hubert wrote:

> On Thu, Jul 21, 2016 at 02:00:36PM +0300, Cristian Seres wrote:
>> I know about the NSEC3 narrow mode in PowerDNS. I suppose that's the best
>> available option to decrease information leak at the moment. RFC7129
>> appendix B calls them "NSEC3 White Lies" which is more commonly used term
>> than narrow mode, I think.
> We used it way before RFC7129, which may explain.

In fact the output in 7129 was verified against PowerDNS’ narrow mode :)

Kind regards,
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

More information about the Pdns-dev mailing list