RFC Errata
Found 2 records.
Status: Verified (1)
RFC 4470, "Minimally Covering NSEC Records and DNSSEC On-line Signing", April 2006
Source of RFC: dnsext (int)
Errata ID: 81
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Sam Weiler
Date Reported: 2006-05-09
Section 2 says:
).com 3600 IN NSEC +.com ( RRSIG NSEC )
It should say:
\).com 3600 IN NSEC \+.com ( RRSIG NSEC )
Notes:
Line should use the escape characters as defined in RFC 1035.
Status: Reported (1)
RFC 4470, "Minimally Covering NSEC Records and DNSSEC On-line Signing", April 2006
Source of RFC: dnsext (int)
Errata ID: 6734
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Mark Andrews
Date Reported: 2021-11-12
Section 4 says:
The first of these NSEC RRs proves that no exact match for foo.example.com exists, and the second proves that there is no wildcard in example.com.
It should say:
TBD
Notes:
"the second proves that there is no wildcard in example.com" is incorrect.
\)\255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
\255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
\255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
\255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
\255\255.example.com 3600 IN NSEC \000.*.example.com ( NSEC RRSIG )
Actually proves that *.example.com exists as it is part of the next field. It is an empty non-terminal wildcard. '\000.domain' can only be used to prove no data exists at 'domain', not that 'domain' doesn't exist.