[Opendnssec-user] Upgrading to 1.1
Mathieu Arnold
mat at mat.cc
Wed Jul 14 22:23:16 UTC 2010
+--On 14 juillet 2010 18:38:44 +0200 Matthijs Mekking
<matthijs at NLnetLabs.nl> wrote:
| -----BEGIN PGP SIGNED MESSAGE-----
| Hash: SHA1
|
| Hi Mathieu,
|
| I believe that it is correct that the signer puts that much NSEC3
| records in the zone. It has two for the domain names
| d.0.1.f.f.8.f.4.2.0.0.2.ip6.arpa. and
| 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.0.1.f.f.8.f.4.2.0.0.2.ip6.arpa.
|
| and 19 for the empty non-terminals that exist between these two domain
| names.
|
| So perhaps the auditor is complaining unjust.
Well, that was my point to begin with, there are either too many nsec3
thingies, or the auditor has a bug :-)
--
Mathieu Arnold
More information about the Opendnssec-user
mailing list