[Pdns-dev] CloudFlare NSEC black lies - any plans for support?
Peter van Dijk
peter.van.dijk at powerdns.com
Thu Jul 21 12:08:16 UTC 2016
Hello,
On 21 Jul 2016, at 13:20, bert hubert wrote:
> On Thu, Jul 21, 2016 at 02:00:36PM +0300, Cristian Seres wrote:
>> I know about the NSEC3 narrow mode in PowerDNS. I suppose that's the best
>> available option to decrease information leak at the moment. RFC7129
>> appendix B calls them "NSEC3 White Lies" which is more commonly used term
>> than narrow mode, I think.
>
> We used it way before RFC7129, which may explain.
In fact the output in 7129 was verified against PowerDNS’ narrow mode :)
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
More information about the Pdns-dev
mailing list