[nsd-users] wrong NSEC3 responses
Anand Buddhdev
anandb at ripe.net
Wed Aug 17 10:06:16 UTC 2022
On 17/08/2022 10:42, Klaus Darilion via nsd-users wrote:
Hi Klaus,
> We noticed that some of our NSD 4.3.5 secondaries answered with
> incomplete NSEC3 RRs for NOERROR/NODATA queries. See below. We could fix
> the issue by restarting NSD, or by "force_transfer" the zone. I see
> there are some NSEC3 related changes since 4.3.5, but the commit
> messages do not fit our problems. Hence, have you heard about this
> problem? Shall we further debug/watch the issue, or shall we just
> upgrade to 4.6 to get all NSEC3 fixes.
Actually, I think you might be seeing this:
https://github.com/NLnetLabs/nsd/issues/171
And you will certainly have to update to something newer than 4.3.5 to
avoid this issue.
Regards,
Anand
More information about the nsd-users
mailing list