[ldns-users] LDNS and opt-out NSEC3 validation

Willem Toorop Willem at NLnetLabs.nl
Tue Apr 24 20:30:19 UTC 2012

Hi John,

I just had a look at it, and it looks like the second paragraph of
section 8.6 of RFC 5155 (dealing with Opt-Out NSEC3s for DSs) is not
(yet) implemented! I will dive into it and let you know when it is
implemented in trunk.
Thanks for finding this shortcoming.


On 23-04-12 19:02, John Barnitz wrote:
> I am using LDNS to query the net zone for a DS record of a domain,
> for example, sample.net. The net zone is opt-out, so I get back NSEC3
> records and NOERROR. I am using ldns_dnssec_verify_denial_nsec3 to
> validate the response. I always get back
> LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED as a result code. Can anyone
> help me determine what is wrong, or is there a different function I
> should be using? Let me know if you need any more information.
> Thanks,
> John Barnitz
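
The check that section 8.6 of RFC 5155 describes for a DS query answered from an opt-out zone, as an added Python example (it is not ldns code and not part of the original messages). Assumptions: the NSEC3 RRsets are already signature-verified, records are modelled as plain dicts, the records for "net" are constructed sample data, and the DNAME/NS checks on the closest encloser from section 8.3 are left out.

```python
import hashlib

def nsec3_hash(name, salt, iterations):
    """RFC 5155 section 5: iterated, salted SHA-1 of the canonical wire-format name."""
    labels = name.lower().rstrip(".").split(".")
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return digest  # owner labels are the base32hex form; raw digests sort the same way

def covers(owner, nxt, h):
    """True if h lies strictly between owner and next (the last NSEC3 wraps around)."""
    return owner < h < nxt if owner < nxt else (h > owner or h < nxt)

def verify_optout_ds_denial(qname, zone, nsec3s, salt, iterations):
    """nsec3s: dicts with owner/next (raw hashes), opt_out (bool), types (set of str)."""
    find = lambda h: next((r for r in nsec3s if r["owner"] == h), None)
    match = find(nsec3_hash(qname, salt, iterations))
    if match:  # 8.6, first paragraph: matching NSEC3 must lack DS and CNAME
        return "bogus" if {"DS", "CNAME"} & match["types"] else "nodata"
    # 8.6, second paragraph: closest encloser proof, then require the Opt-Out bit
    labels = qname.rstrip(".").split(".")
    zone_len = len(zone.rstrip(".").split("."))
    for i in range(1, len(labels) - zone_len + 1):  # longest ancestor first
        if find(nsec3_hash(".".join(labels[i:]), salt, iterations)):
            next_closer = nsec3_hash(".".join(labels[i - 1:]), salt, iterations)
            cover = next((r for r in nsec3s
                          if covers(r["owner"], r["next"], next_closer)), None)
            if cover is None:
                return "bogus"  # next closer name is not covered at all
            return "insecure" if cover["opt_out"] else "bogus"
    return "bogus"  # no closest encloser inside the zone

def sample_records(opt_out):
    """Constructed records for a fictional opt-out zone 'net' (not real data)."""
    salt, it = bytes.fromhex("aabbccdd"), 5
    apex = int.from_bytes(nsec3_hash("net", salt, it), "big")
    h = int.from_bytes(nsec3_hash("sample.net", salt, it), "big")
    b = lambda n: n.to_bytes(20, "big")
    return salt, it, [
        {"owner": b(apex), "next": b(apex + 1), "opt_out": opt_out,
         "types": {"NS", "SOA", "DNSKEY"}},
        {"owner": b(h - 1), "next": b(h + 1), "opt_out": opt_out,
         "types": {"NS", "DS"}},  # span that covers H(sample.net)
    ]
```

With the Opt-Out bit set on the covering record the DS query for sample.net resolves to an insecure delegation; with the bit clear the same records fail validation.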
