[Opendnssec-develop] Re: [OpenDNSSEC] #217: KASP accepts algorithm 2 for NSEC3 records
OpenDNSSEC
owner-dnssec-trac at kirei.se
Thu Feb 10 19:54:07 UTC 2011
#217: KASP accepts algorithm 2 for NSEC3 records
-----------------------------------------------------+----------------------
Reporter: Sebastian Castro <sebastian@…> | Owner: alex
Type: defect | Status: assigned
Priority: minor | Component: Signer
Version: 1.2.0 | Resolution:
Keywords: |
-----------------------------------------------------+----------------------
Comment (by Sebastian Castro <sebastian@…>):
Replying to [comment:1 matthijs]:
> I would say that ods-kaspcheck should return an error.
>
> The signer should error, but the bug is actually in ldns. Will fix it
there.
ods-kaspcheck happily validates the policy as you can see in the attached
file. The zone is signed, but it won't validate by any modern DNS server.
--
Ticket URL: <http://trac.opendnssec.org/ticket/217#comment:4>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC
More information about the Opendnssec-develop
mailing list