[nsd-users] wrong NSEC3 responses

Anand Buddhdev anandb at ripe.net
Wed Aug 17 10:06:16 UTC 2022


On 17/08/2022 10:42, Klaus Darilion via nsd-users wrote:

Hi Klaus,

> We noticed that some of our NSD 4.3.5 secondaries answered with
> incomplete NSEC3 RRs for NOERROR/NODATA queries. See below. We could fix
> the issue by restarting NSD, or by "force_transfer" the zone. I see
> there are some NSEC3 related changes since 4.3.5, but the commit
> messages do not fit our problems. Hence, have you heard about this
> problem? Shall we further debug/watch the issue, or shall we just
> upgrade to 4.6 to get all NSEC3 fixes.

Actually, I think you might be seeing this:

https://github.com/NLnetLabs/nsd/issues/171

And you will certainly have to update to something newer than 4.3.5 to 
avoid this issue.

Regards,
Anand


More information about the nsd-users mailing list