[Opendnssec-develop] Re: [OpenDNSSEC] #217: KASP accepts algorithm 2 for NSEC3 records

OpenDNSSEC owner-dnssec-trac at kirei.se
Thu Feb 10 19:54:07 UTC 2011

#217: KASP accepts algorithm 2 for NSEC3 records
Reporter:  Sebastian Castro <sebastian@…>            |        Owner:  alex    
    Type:  defect                                    |       Status:  assigned
Priority:  minor                                     |    Component:  Signer  
 Version:  1.2.0                                     |   Resolution:          
Keywords:                                            |  

Comment (by Sebastian Castro <sebastian@…>):

 Replying to [comment:1 matthijs]:
 > I would say that ods-kaspcheck should return an error.
 > The signer should error, but the bug is actually in ldns. Will fix it

 ods-kaspcheck happily validates the policy as you can see in the attached
 file. The zone is signed, but it won't validate by any modern DNS server.

Ticket URL: <http://trac.opendnssec.org/ticket/217#comment:4>
OpenDNSSEC <http://www.opendnssec.org/>

More information about the Opendnssec-develop mailing list