[nsd-users] nsec3 hash collision

Fredrik Pettai pettai at nordu.net
Mon Feb 6 09:23:27 UTC 2017

> On 6 Feb 2017, at 10:09, Fredrik Pettai <pettai at nordu.net> wrote:
>> The sender is sending queries for a nonexist name that hashes (exactly)
>> to the same hash as the hash for an existing name in the zone.
> Oh, is this possible? This is just a small zone containing ~1200 RRs
> (Which leads to the question if it exist any kind of statistics regarding this?)
> Looks more like a bug or non-existing or bad verification at the master/signer side

Hmm…perhaps I interpreted your explanation above
Are you saying someone (else?) is querying the zone at my NSD slave, and that those queries
(because there are a lot for log entries), are “expanded" to the exact same hash as an existing hash for another record in the zone?
…which also sounds like it shouldn’t be possible (in theory).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20170206/96f27a59/attachment.bin>

More information about the nsd-users mailing list