[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Empty non-terminals and NSEC records

To: namedroppers@ops.ietf.org
Subject: Empty non-terminals and NSEC records
From: Erik Rozendaal <erik@NLnetLabs.nl>
Date: Wed, 03 Dec 2003 15:49:07 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007

The example zone in the draft-ietf-dnsext-dnssec-protocol-03.txt document contains the following records (among others and excluding RRSIG records):

   ns2.example.   3600 IN A   192.0.2.2
                  3600 NSEC   *.w.example. A RRSIG NSEC
   *.w.example.   3600 IN MX  1 ai.example.
                  3600 NSEC   x.w.example. MX RRSIG NSEC

Notice there are no RRs for the w.example. domain, making it an empty non-terminal. According to the original DNS RFCs empty non-terminals do exist (in other words, querying for w.example. will not result in NXDOMAIN but in NODATA).

However, the signed version does not include proper NSEC records for w.example. Is this intentional and expected behaviour?

Erik


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: Empty non-terminals and NSEC records
  - From: Mark.Andrews@isc.org
- Re: Empty non-terminals and NSEC records
  - From: Rob Austein <sra+namedroppers@hactrn.net>

Prev by Date: Re: nsec++
Next by Date: Re: nsec++
Previous by thread: List administration
Next by thread: Re: Empty non-terminals and NSEC records
Index(es):
- Date
- Thread