[dnsext] nsec3 and wildcards
Miek Gieben <miek.gieben@sidn.nl> Mon, 24 January 2011 14:06 UTC
Return-Path: <Miek.Gieben@sidn.nl>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 164333A6AC9 for <dnsext@core3.amsl.com>; Mon, 24 Jan 2011 06:06:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.904
X-Spam-Level:
X-Spam-Status: No, score=-0.904 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, J_CHICKENPOX_41=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GZXUxA+8QlOi for <dnsext@core3.amsl.com>; Mon, 24 Jan 2011 06:06:41 -0800 (PST)
Received: from ede1-kamx.sidn.nl (kamx.sidn.nl [94.198.152.69]) by core3.amsl.com (Postfix) with ESMTP id 150AC3A6ACB for <dnsext@ietf.org>; Mon, 24 Jan 2011 06:06:40 -0800 (PST)
Received: from KAHUBCAS1.SIDN.local ([192.168.2.41]) by ede1-kamx.sidn.nl with ESMTP id p0OE9YJr013955 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=CAFAIL) for <dnsext@ietf.org>; Mon, 24 Jan 2011 15:09:34 +0100
Received: from login.sidn.nl (94.198.155.36) by KAHUBCAS1.SIDN.local (192.168.2.41) with Microsoft SMTP Server id 14.0.702.0; Mon, 24 Jan 2011 15:09:34 +0100
Date: Mon, 24 Jan 2011 15:09:33 +0100
From: Miek Gieben <miek.gieben@sidn.nl>
To: dnsext List <dnsext@ietf.org>
Message-ID: <20110124140933.GA12071@login.sidn.nl>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Vim/Mutt/Linux
Subject: [dnsext] nsec3 and wildcards
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jan 2011 14:07:31 -0000
Hello, I was wondering if there was a way to limit the amount of nsec3s that are returned for name-error responses. Right now, one of the nsec3s is there to signal that there is no wildcard present. Would it be possible to use the flags field (in the remaining nsec3s) to signal 'oh, and btw, there also wasn't a wildcard'? Somehow this shouldn't work, but I cannot see why... Kind regards, -- Miek
- [dnsext] nsec3 and wildcards Miek Gieben
- Re: [dnsext] nsec3 and wildcards Edward Lewis
- Re: [dnsext] nsec3 and wildcards Miek Gieben
- Re: [dnsext] nsec3 and wildcards Edward Lewis
- Re: [dnsext] nsec3 and wildcards Miek Gieben
- Re: [dnsext] nsec3 and wildcards George Barwood