Darcy Kevin (FCA) wrote:
> My understanding is that the "extra" stuff wouldn't have any signature
> at all.
I'm not sure if the question was that well specified :-)
> Wouldn't that break DNSSEC if the rest of the response had signatures?
> Or does the DNSSEC-validation algorithm support "hybrid
On 15.06.16 18:43, Jun Xiang X Tee wrote:
When I query for "google.com", the additional section returned is:
;; ADDITIONAL SECTION:
ns1.google.com. 200487 IN A 216.239.32.10
ns2.google.com. 197774 IN A 216.239.34.10
ns3.google.com. 246981 I
brid" responses like that?
- Kevin
-Original Message-
From: Tony Finch [mailto:d...@dotat.at]
Sent: Thursday, June 16, 2016 7:09 AM
To: Darcy Kevin (FCA)
Cc: bind-users@lists.isc.org
Subject: RE: Append a Hard-coded Text Tuple into Additional Section of "dig"
Feature
Darcy Kevin (FCA) wrote:
>
> It'll also, irrespective of caching, break DNSSEC.
No, extra stuff in the additional section should not break DNSSEC
because the signatures are per-RRset not per-message.
Tony.
--
f.anthony.n.finchhttp://dotat.at/ - I xn--zr8h punycode
Tyne, West Dogger: Varia
Hi there,
On Wed, 15 Jun 2016, Jun Xiang X Tee wrote:
...
I wish to append a hard-coded text tuple into end of the section.
...
I think what you want to do sounds strange, but if I wanted to do
something like that I would not modify an existing perfectly good
utility. I would create a new o
Tee
From: bind-users-boun...@lists.isc.org on
behalf of Darcy Kevin (FCA)
Sent: Wednesday, June 15, 2016 3:05:08 PM
To: bind-users@lists.isc.org
Subject: RE: Append a Hard-coded Text Tuple into Additional Section of "dig"
Feature
That's not re
That's not really consistent with the DNS standards, and will break if you have
intermediate caching servers. Why? Because of this clause from RFC 2181:
Unauthenticated RRs received and cached from the least trustworthy of
those groupings, that is data from the additional data section, and
data f
7 matches
Mail list logo
