[nsd-users] NSD RFC compliance questions (DNSSEC related)

Matthijs Mekking matthijs at NLnetLabs.nl
Fri Oct 21 07:47:37 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Robert,

On 10/21/2011 07:12 AM, Robert Davidson wrote:
> 
> Hi all,
> 
> I need to know if NSD complies with the following RFCs and if they are
> or are not implemented.  If they are not implemented it would be good to
> know why, but not essential.  A simple "Yes" or "No" answer to each one
> will suffice.
> 
> RFC 4470 Minimally Covering NSEC Records and DNSSEC On-line Signing

No: NSD does not do signing.

> RFC 4509 Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource
> Records (RRs)

Yes.

> RFC 5011 Automated Updates of DNS Security (DNSSEC) Trust Anchors

No: NSD is not a resolver.

> RFC 5702 Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource
> Records for DNSSEC

Yes.

Best regards,
  Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJOoSOZAAoJEA8yVCPsQCW5OtoIAN7dpAelzxxZ1dMMtw2ZuJpA
K8Ctrm5PLohDcjIsn63KtIghaOpbHT7AoI3nychh9XFxFhzs/OEyjsquN6jzhSEG
0FIcHpXmxoNjfVLEWy8stYPYDy/tpOQ8LwcVqTwz/U99caThnzdzw/7VUzqr5RQ3
+vY7BYFXFiA0gm0hNFoRgdnjkMb7VkdmBpXDcPnWWZV5sfOc0XvpopU4BjU0rtEE
AUMIRuDq5zHQIjz42A2sHm2ew3GbO6TukaSJOKHM0T3bTr1sP7PO2X0ZpIWRrC0O
hpeTNRcPi5Xx7TcZbTMeLYpwVnwR4IJpn0EMT0hDR8rYIV81nyRE3Fcr8TQwX44=
=SZ2B
-----END PGP SIGNATURE-----



More information about the nsd-users mailing list