[Opendnssec-user] Reverse zones?
Olaf Kolkman
olaf at NLnetLabs.nl
Tue Mar 6 14:12:44 UTC 2012
On Mar 6, 2012, at 3:05 PM, Jakob Schlyter wrote:
>> The one difference that comes to mind is that NSEC3 doesn't make a lot sense in the reverse space, as anyone can walk the zones anyway, so we (LACNIC) will be using NSEC for signed negative responses.
>
> Except perhaps for IPv6 ?
Wasn't the argument that you could effectively distinguish between 'dead branches' and empty non-terminals by looking at NXDOMAIN vs NOERROR/empty answer, and thus enumerate at each label and dive deeper if the branch is not dead?
--Olaf
________________________________________________________
Olaf M. Kolkman NLnet Labs
http://www.nlnetlabs.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120306/8b4bd480/attachment.bin>
More information about the Opendnssec-user
mailing list