1331. [func] Generate DNSSEC wildcard proofs.

2003-08-18 07:35:54 +00:00
parent 2bb0b0009e
commit d930eaf77b
9 changed files with 151 additions and 27 deletions
--- a/doc/misc/dnssec
+++ b/doc/misc/dnssec
@@ -38,14 +38,6 @@ When acting as an authoritative name server, BIND9 includes KEY, SIG
 and NXT records in responses as specified in RFC2535 when the request
 has the DO flag set in the query.

-Response generation for wildcard records in secure zones is not fully
-supported.  Responses indicating the nonexistence of a name include a
-NXT record proving the nonexistence of the name itself, but do not
-include any NXT records to prove the nonexistence of a matching
-wildcard record.  Positive responses resulting from wildcard expansion
-do not include the NXT records to prove the nonexistence of a
-non-wildcard match or a more specific wildcard match.
-

 Secure Resolution

@@ -89,4 +81,4 @@ future as we consider them inferior to the use of TSIG or SIG(0) to
 ensure the integrity of zone transfers.


-$Id: dnssec,v 1.14.2.6 2003/03/06 04:38:20 marka Exp $
+$Id: dnssec,v 1.14.2.6.4.1 2003/08/18 07:35:49 marka Exp $