[Opendnssec-user] occluded data?
Rickard Bellgrim
rickard.bellgrim at iis.se
Fri Nov 19 15:23:46 UTC 2010
On 19 nov 2010, at 15.55, Michael Braunoeder wrote:
> The zonefile looks like this:
>
> at. 172800 IN NS d.nic.at.
> at. 172800 IN NS j.nic.at.
> at. 172800 IN NS n.nic.at.
> at. 172800 IN NS ns1.univie.ac.at.
> at. 172800 IN NS ns2.univie.ac.at.
> at. 172800 IN NS ns9.univie.ac.at.
> at. 172800 IN NS ns-uk.nic.at.
>
> and contains the corresponding A and AAAA glue records.
>
> From my point of view, this is a valid setup or do I miss something?
Hmm, yes. This might be a special case.
The occluded data check is designed to ignore data that is not glue for the current subdomain. In your case, you have glue for something that can be resolved using DNS. nic.at and ac.at is delegated to another NS. The question is what is the correct thing to do? Do you know Matthijs?
// Rickard
More information about the Opendnssec-user
mailing list