Re: [dnsext] RFC 4470 bitmap (Was Re: Authenticated denial of existence...)
Tony Finch <dot@dotat.at> Fri, 22 November 2013 15:59 UTC
Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EC2C1AE15B for <dnsext@ietfa.amsl.com>; Fri, 22 Nov 2013 07:59:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.425
X-Spam-Level:
X-Spam-Status: No, score=-2.425 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.525] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BWpCgrScVeLp for <dnsext@ietfa.amsl.com>; Fri, 22 Nov 2013 07:59:24 -0800 (PST)
Received: from ppsw-52.csi.cam.ac.uk (ppsw-52.csi.cam.ac.uk [IPv6:2001:630:212:8::e:f52]) by ietfa.amsl.com (Postfix) with ESMTP id 468D61ADFDA for <dnsext@ietf.org>; Fri, 22 Nov 2013 07:59:24 -0800 (PST)
X-Cam-AntiVirus: no malware found
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from hermes-2.csi.cam.ac.uk ([131.111.8.54]:55093) by ppsw-52.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.158]:25) with esmtpa (EXTERNAL:fanf2) id 1Vjt8W-0001ux-Db (Exim 4.82_3-c0e5623) (return-path <fanf2@hermes.cam.ac.uk>); Fri, 22 Nov 2013 15:59:16 +0000
Received: from fanf2 by hermes-2.csi.cam.ac.uk (hermes.cam.ac.uk) with local id 1Vjt8W-0004rp-3v (Exim 4.72) (return-path <fanf2@hermes.cam.ac.uk>); Fri, 22 Nov 2013 15:59:16 +0000
Date: Fri, 22 Nov 2013 15:59:16 +0000
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-2.csi.cam.ac.uk
To: Matthijs Mekking <matthijs@nlnetlabs.nl>
In-Reply-To: <528F7DB4.10102@nlnetlabs.nl>
Message-ID: <alpine.LSU.2.00.1311221556510.11548@hermes-2.csi.cam.ac.uk>
References: <CFD6B510-D70E-4308-BF3E-B2E7C2ADCBEB@nominum.com> <alpine.LSU.2.00.1311201202570.11548@hermes-2.csi.cam.ac.uk> <528F2737.1020002@nlnetlabs.nl> <alpine.LSU.2.00.1311221359460.11548@hermes-2.csi.cam.ac.uk> <528F7DB4.10102@nlnetlabs.nl>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] RFC 4470 bitmap (Was Re: Authenticated denial of existence...)
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext/>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Nov 2013 15:59:26 -0000
Matthijs Mekking <matthijs@nlnetlabs.nl> wrote: > It is not clear to me that this sentence only refers to the on-demand > NSEC records. I think the other sentence in the same paragraph makes it clear that the whole paragraph is about NXDOMAIN responses: The generated NSEC record's type bitmap MUST have the RRSIG and NSEC bits set and SHOULD NOT have any other bits set. This relaxes the requirement in Section 2.3 of RFC4035 that NSEC RRs not appear at names that did not exist before the zone was signed. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first.
- Re: [dnsext] Authenticated denial of existence... Miek Gieben
- Re: [dnsext] Authenticated denial of existence... Jiankang Yao
- [dnsext] Authenticated denial of existence... Ted Lemon
- Re: [dnsext] Authenticated denial of existence... bmanning
- Re: [dnsext] Authenticated denial of existence... Ted Lemon
- Re: [dnsext] Authenticated denial of existence... bmanning
- Re: [dnsext] Authenticated denial of existence... Ted Lemon
- Re: [dnsext] Authenticated denial of existence... joel jaeggli
- Re: [dnsext] Authenticated denial of existence... Tony Finch
- Re: [dnsext] Authenticated denial of existence... Miek Gieben
- Re: [dnsext] Authenticated denial of existence... Matthijs Mekking
- Re: [dnsext] Authenticated denial of existence... Ted Lemon
- Re: [dnsext] Authenticated denial of existence... Miek Gieben
- Re: [dnsext] Authenticated denial of existence... Dave Lawrence
- Re: [dnsext] Authenticated denial of existence... Mark Andrews
- Re: [dnsext] Authenticated denial of existence... Miek Gieben
- Re: [dnsext] Authenticated denial of existence... Matthijs Mekking
- [dnsext] RFC 4470 bitmap (Was Re: Authenticated d… Matthijs Mekking
- Re: [dnsext] RFC 4470 bitmap (Was Re: Authenticat… Tony Finch
- Re: [dnsext] RFC 4470 bitmap (Was Re: Authenticat… Matthijs Mekking
- Re: [dnsext] RFC 4470 bitmap (Was Re: Authenticat… Tony Finch
- Re: [dnsext] Authenticated denial of existence... Miek Gieben
- Re: [dnsext] Authenticated denial of existence... Tony Finch
- Re: [dnsext] Authenticated denial of existence... Jelte Jansen
- Re: [dnsext] Authenticated denial of existence... Tony Finch
- Re: [dnsext] Authenticated denial of existence... Jelte Jansen
- Re: [dnsext] Authenticated denial of existence... Matthijs Mekking
- Re: [dnsext] Authenticated denial of existence... Tony Finch
- Re: [dnsext] Authenticated denial of existence... Matthijs Mekking