[Opendnssec-user] occluded data?

Rickard Bellgrim rickard.bellgrim at iis.se
Fri Nov 19 15:23:46 UTC 2010


On 19 nov 2010, at 15.55, Michael Braunoeder wrote:

> The zonefile looks like this:
> 
> at.     172800  IN      NS      d.nic.at.
> at.     172800  IN      NS      j.nic.at.
> at.     172800  IN      NS      n.nic.at.
> at.     172800  IN      NS      ns1.univie.ac.at.
> at.     172800  IN      NS      ns2.univie.ac.at.
> at.     172800  IN      NS      ns9.univie.ac.at.
> at.     172800  IN      NS      ns-uk.nic.at.
> 
> and contains the corresponding A and AAAA glue records.
> 
> From my point of view, this is a valid setup or do I miss something?

Hmm, yes. This might be a special case.

The occluded data check is designed to ignore data that is not glue for the current subdomain. In your case, you have glue for something that can be resolved using DNS. nic.at and ac.at is delegated to another NS. The question is what is the correct thing to do? Do you know Matthijs?

// Rickard




More information about the Opendnssec-user mailing list