RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 2 records.

Status: Verified (1)

RFC 4470, "Minimally Covering NSEC Records and DNSSEC On-line Signing", April 2006

Source of RFC: dnsext (int)

Errata ID: 81
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Sam Weiler
Date Reported: 2006-05-09

Section 2 says:

             ).com 3600 IN NSEC +.com ( RRSIG NSEC )

It should say:

            \).com 3600 IN NSEC \+.com ( RRSIG NSEC )

Notes:

Line should use the escape characters as defined in RFC 1035.

Status: Reported (1)

RFC 4470, "Minimally Covering NSEC Records and DNSSEC On-line Signing", April 2006

Source of RFC: dnsext (int)

Errata ID: 6734
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Mark Andrews
Date Reported: 2021-11-12

Section 4 says:

   The first of these NSEC RRs proves that no exact match for
   foo.example.com exists, and the second proves that there is no
   wildcard in example.com.

It should say:

TBD

Notes:

"the second proves that there is no wildcard in example.com" is incorrect.

\)\255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
\255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
\255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
\255\255\255\255\255\255\255\255\255\255\255\255\255\255\255
\255\255.example.com 3600 IN NSEC \000.*.example.com ( NSEC RRSIG )

Actually proves that *.example.com exists as it is part of the next field. It is an empty non-terminal wildcard. '\000.domain' can only be used to prove no data exists at 'domain', not that 'domain' doesn't exist.

Report New Errata