[Unbound-users] Strange validation errors for proofs of non-existence in .com, .net, .org TLD (is it due to NSEC3 opt-out or I am missing some trust anchor?)

Blacka, David davidb at verisign.com
Wed Jan 2 18:02:15 UTC 2013

On Jan 2, 2013, at 12:31 PM, Ondrej Mikle <ondrej.mikle at nic.cz> wrote:

> Does anyone know since when do the com/net/org NSEC3s have the opt-out bit set?

Not speaking for org, but com and net have had the opt-out bit set the entire time they have been signed.

David Blacka                          <davidb at verisign.com> 
Principal               Verisign Infrastructure Engineering

More information about the Unbound-users mailing list