We've had a report about incorrect NSEC3 responses from our NSD 4.3.6 servers. It appears to affect queries for SOA records for names below a delegation point.
Query:
dig 182.227.110.in-addr.arpa soa +norec +dnssec +nocrypto +noall +authority @apnic.authdns.ripe.net
Correct response from BIND and Knot DNS:
227.110.in-addr.arpa. 86400 IN NS aaadel.mantraonline.com.
227.110.in-addr.arpa. 86400 IN NS dnsdel.mantraonline.com.
8gt1jrvtigaj7rcjetli6a54n82uk8s2.110.in-addr.arpa. 3600 IN NSEC3 1 0 5 D4BFD93A8396A2D1 8GVE3O4I1JTJ9TMK9DAD4F7J3JIR7ITP NS
8gt1jrvtigaj7rcjetli6a54n82uk8s2.110.in-addr.arpa. 3600 IN RRSIG NSEC3 13 4 3600 20211004220014 20210919203014 49556 110.in-addr.arpa. [omitted]
But from NSD 4.3.6:
182.227.110.in-addr.arpa. 86400 IN NS aaadel.mantraonline.com.
182.227.110.in-addr.arpa. 86400 IN NS dnsdel.mantraonline.com.
67de5manr28emsg5rop2kdtmj3m9lb5u.110.in-addr.arpa. 3600 IN NSEC3 1 0 5 D4BFD93A8396A2D1 67EAGJOIQ60475A1G7A4LHFD3I7E22L4 NS SOA TXT RRSIG DNSKEY NSEC3PARAM CDS CDNSKEY
67de5manr28emsg5rop2kdtmj3m9lb5u.110.in-addr.arpa. 3600 IN RRSIG NSEC3 13 4 3600 20211004220014 20210919203014 49556 110.in-addr.arpa. [omitted]
jcrj5232cl9n61esuckb5lcvj05g4rsu.110.in-addr.arpa. 3600 IN NSEC3 1 0 5 D4BFD93A8396A2D1 JD6HHD4FE3THFGP99T7AJ1AP6FFLHN09 NS
jcrj5232cl9n61esuckb5lcvj05g4rsu.110.in-addr.arpa. 3600 IN RRSIG NSEC3 13 4 3600 20211004220014 20210919203014 49556 110.in-addr.arpa. [omitted]
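To see which name each NSEC3 record in a response like the ones above belongs to, the RFC 5155 hash of the query name and of each ancestor can be recomputed from the salt and iteration count in the records and compared with the owner and next-hash fields. The following is an added example, not part of the original report or of NSD; the function names are hypothetical and the salt, iteration count and hashes are copied from the output above.

```python
import base64
import hashlib

# Standard base32 alphabet -> base32hex (RFC 4648), which NSEC3 owner labels use.
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire(name):
    """Canonical (lower-cased) DNS wire format of a domain name."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 section 5: SHA-1(name || salt), then `iterations` further rounds."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).decode("ascii").lower()

def covers(owner, nxt, h):
    """True if hash h lies strictly between an NSEC3 owner hash and its next hash."""
    owner, nxt = owner.lower(), nxt.lower()
    # When owner > nxt this is the last record of the chain and the interval wraps around.
    return owner < h < nxt if owner < nxt else (h > owner or h < nxt)

def classify(qname, zone, salt_hex, iterations, nsec3s):
    """Map qname and each ancestor within zone to (relation, owner hash, type bitmap)."""
    labels, zone, out = qname.lower().rstrip(".").split("."), zone.lower().rstrip("."), {}
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if name != zone and not name.endswith("." + zone):
            break
        h = nsec3_hash(name, salt_hex, iterations)
        out[name] = ("none", None, None)
        for owner, nxt, types in nsec3s:
            if owner.lower() == h:
                out[name] = ("matches", owner, types)
            elif covers(owner, nxt, h):
                out[name] = ("covered by", owner, types)
    return out

if __name__ == "__main__":
    # Owner hash, next hash and type bitmap of the two NSEC3 records in the NSD 4.3.6 answer above.
    nsd = [("67de5manr28emsg5rop2kdtmj3m9lb5u", "67EAGJOIQ60475A1G7A4LHFD3I7E22L4",
            "NS SOA TXT RRSIG DNSKEY NSEC3PARAM CDS CDNSKEY"),
           ("jcrj5232cl9n61esuckb5lcvj05g4rsu", "JD6HHD4FE3THFGP99T7AJ1AP6FFLHN09", "NS")]
    result = classify("182.227.110.in-addr.arpa", "110.in-addr.arpa", "D4BFD93A8396A2D1", 5, nsd)
    for name, (relation, owner, types) in result.items():
        print(f"{name}: {relation} {owner or ''} [{types or ''}]")
```

Running the same classification over the single NSEC3 record in the BIND and Knot DNS answer shows which name that record is proving, which makes the two responses directly comparable.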