[nsd-users] wildcard+ANY validation issue between NSD and Unbound
Peter van Dijk
peter.van.dijk at netherlabs.nl
Fri Feb 24 13:37:42 UTC 2012
On Feb 24, 2012, at 14:28 , Miek Gieben wrote:
> [ Quoting <peter.van.dijk at netherlabs> at 13:12 on Feb 24 in "[nsd-users] wildcard..." ]
>> RFC4035 appears not to cover the interaction between ANY and NSEC at
>> all.
>
> That's because ANY has been loosly defined (I'm not sure there is a written
> down definition) as give me the records you've got. In case you hit a
> cache with an ANY query there is no guarantee what so ever that it should
> all validate. I think that even for authoritative servers you can pretty
> much do what you want if it receives a QTYPE = ANY.
While that is true, I feel that whatever an auth chooses to serve up for ANY would still consist of zero or more RRsets, which means the RRSIGs and NSECs that go with them could validate. Right?
Kind regards,
Peter van Dijk
More information about the nsd-users
mailing list