[Opendnssec-develop] NSEC next_domain in canonical form

Alexd at nominet.org.uk Alexd at nominet.org.uk
Fri Mar 26 06:59:53 UTC 2010

> I tried a zone on my machine, with mixed uppercase/lowercase domain
> names. The signer creates nicely NSEC records, with lower case domain
> names on the right side.
> Could it be that a local setting on your machine ignores the effect of
> lowercasing (tolower) ?

The thing is that Dave reports that BIND/LDNS both verify the zone (which 
has been signed with uppercase NSEC rdata). Dnsruby fails it, as it 
downcases the rdata, as specified by RFC4034.

Regardless of how the zone has been created, these libraries should *not* 
verify the zone.
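
Added example, not part of the original message: a Python sketch of why a verifier that downcases NSEC rdata and one that does not disagree on the same zone. It builds the NSEC RR bytes that enter the RRSIG signature input, once with the next domain name as published and once downcased as RFC 4034 section 6.2 describes. The zone names, TTL and helper names are constructed for illustration, and a SHA-256 digest stands in for the signature computation.

```python
import hashlib
import struct

NSEC, IN = 47, 1

def name_to_wire(name: str, lowercase: bool) -> bytes:
    """Encode an ASCII domain name in uncompressed DNS wire format."""
    if lowercase:
        name = name.lower()
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            if len(raw) > 63:
                raise ValueError("label longer than 63 octets")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"

def type_bitmap(types) -> bytes:
    """NSEC type bitmap: window number, bitmap length, bitmap octets."""
    windows = {}
    for t in types:
        bitmap = windows.setdefault(t >> 8, bytearray(32))
        bitmap[(t & 0xFF) >> 3] |= 0x80 >> (t & 7)
    out = b""
    for window in sorted(windows):
        octets = bytes(windows[window]).rstrip(b"\x00")
        out += bytes([window, len(octets)]) + octets
    return out

def signed_nsec_rr(owner, next_name, types, ttl, downcase_rdata) -> bytes:
    """owner | type | class | TTL | RDLENGTH | RDATA, as fed to the signature.
    The owner name is always lowercased; only the rdata handling varies."""
    rdata = name_to_wire(next_name, downcase_rdata) + type_bitmap(types)
    header = struct.pack("!HHIH", NSEC, IN, ttl, len(rdata))
    return name_to_wire(owner, True) + header + rdata

def signature_inputs(owner, next_name, types, ttl):
    """Digests of the RR as published and in downcased form. The RRSIG rdata
    prefix is identical on both sides and is left out here."""
    as_published = signed_nsec_rr(owner, next_name, types, ttl, False)
    downcased = signed_nsec_rr(owner, next_name, types, ttl, True)
    return (hashlib.sha256(as_published).hexdigest(),
            hashlib.sha256(downcased).hexdigest())

if __name__ == "__main__":
    # Constructed record: alpha.example. 3600 IN NSEC Bravo.Example. A NS RRSIG NSEC
    pub, low = signature_inputs("alpha.example.", "Bravo.Example.", [1, 2, 46, 47], 3600)
    print("as published:", pub)
    print("downcased:   ", low)
    print("same signature input:", pub == low)
```

A signature computed over the as-published bytes can only validate in a verifier that hashes those same bytes, so the two digests differing is the disagreement the message describes.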
