[nsd-users] wrong NSEC3 responses

Klaus Darilion klaus.darilion at nic.at
Wed Aug 17 11:40:21 UTC 2022


Hi Anand!

> -----Ursprüngliche Nachricht-----
> Von: Anand Buddhdev <anandb at ripe.net>
> Gesendet: Mittwoch, 17. August 2022 12:06
> An: Klaus Darilion <klaus.darilion at nic.at>; nsd-users at lists.nlnetlabs.nl
> Betreff: Re: [nsd-users] wrong NSEC3 responses
> 
> On 17/08/2022 10:42, Klaus Darilion via nsd-users wrote:
> 
> Hi Klaus,
> 
> > We noticed that some of our NSD 4.3.5 secondaries answered with
> > incomplete NSEC3 RRs for NOERROR/NODATA queries. See below. We
> could fix
> > the issue by restarting NSD, or by "force_transfer" the zone. I see
> > there are some NSEC3 related changes since 4.3.5, but the commit
> > messages do not fit our problems. Hence, have you heard about this
> > problem? Shall we further debug/watch the issue, or shall we just
> > upgrade to 4.6 to get all NSEC3 fixes.
> 
> Actually, I think you might be seeing this:
> 
> https://github.com/NLnetLabs/nsd/issues/171

That sounds possible.

> And you will certainly have to update to something newer than 4.3.5 to
> avoid this issue.

We are on the way to 4.6  - seeing my other questions on the mailing list :)

Thanks
Klaus


More information about the nsd-users mailing list