[nsd-users] zones with a DS record without corresponding NS records
Paul Wouters
paul at xelerance.com
Sat Jul 4 02:38:03 UTC 2009
Hi,
I just ran into a little bug where I had a zone that contained a DS
record for a delegation, but mistakenly did not include any NS records
for that delegation.
ldns-read-zone sees no problem with this zone and nsd zonec compiler
compiled this zone without an error. I guess zonec does not perform any
checks, but ldns-read-zone should probably throw an error.
Bind's named-checkzone passed the zone as valid, however bind's
dnssec-signzone refused to sign this zone.
I'm not sure what the proper behaviour should be in this case. Though
I would prefer that named-checkzone would not OK anything that
dnssec-signzone refuses to sign.
Paul
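
The condition described in this message (a DS record at a name that has no NS records) can be checked before a zone is signed or loaded; the following is an added example, not part of the original post and not code from ldns, NSD or BIND. It assumes one record per line (no parenthesised multi-line records), no semicolons inside quoted strings, and a constructed sample zone under example.com; the function and variable names are hypothetical.

```python
import re

# Constructed sample zone (not from the original post): "secure" has both NS
# and DS records, "broken" has a DS record but no NS records.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@        3600 IN SOA ns1 hostmaster 1 7200 3600 1209600 3600
@        3600 IN NS  ns1
ns1      3600 IN A   192.0.2.1
secure   3600 IN NS  ns1.secure
         3600 IN DS  12345 8 2 ABCDEF0123456789
broken   3600 IN DS  54321 8 2 0123456789ABCDEF
"""

TTL = re.compile(r"^\d+[smhdw]?$", re.IGNORECASE)
CLASSES = {"IN", "CH", "HS"}

def fqdn(name, origin):
    """Expand '@' and relative names against the current origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin.lstrip('.')}".lower()

def ds_without_ns(zone_text):
    """Return sorted owner names that have a DS record but no NS record."""
    origin, owner = ".", None
    types_at = {}  # owner name -> set of RR types seen at that name
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop comments (simplified)
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0].upper() == "$ORIGIN":
            origin = tokens[1].lower()
            continue
        if tokens[0].startswith("$"):  # $TTL, $INCLUDE: not needed here
            continue
        if not raw[0].isspace():  # leading whitespace repeats the last owner
            owner = fqdn(tokens.pop(0), origin)
        while tokens and (TTL.match(tokens[0]) or tokens[0].upper() in CLASSES):
            tokens.pop(0)  # skip optional TTL and class fields
        if owner and tokens:
            types_at.setdefault(owner, set()).add(tokens[0].upper())
    return sorted(n for n, t in types_at.items() if "DS" in t and "NS" not in t)

if __name__ == "__main__":
    for name in ds_without_ns(SAMPLE_ZONE):
        print(f"DS without NS at {name}")
```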