On Sun, 28 Mar 2010, Nate Itkin wrote:
28-Mar-2010 21:02:27.467 dnssec: warning: client 200.160.7.134#6363: view external: expected covering NSEC3, got an exact match
The error suggests the following happened. The client asked for something that did not exist. The server then hashes the hostname and looks at the nsec3 hash that alphabetically covers that hashed hostname. However, it found the hashed hostname *itself* in the list, indicating that the data actuallly exists and should have been returned instead of an nsec3 hash indicating the hostname did not exist. I've seen these too, and I'm not sure where they come from. I hope it does not indicate some kind of bug in the re-signing/re-using of old hashes with a new zone in dnssec-signzone. Paul _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
