sets/resolver: another NSEC delegation to insecure zone (!214) · Merge requests · Knot projects / deckard · GitLab

GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens, and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption in our documentation.

Self sign-up has been disabled due to increased spam activity. If you want to get access, please send an email to a project owner (preferred) or at gitlab(at)nic(dot)cz. We apologize for the inconvenience.

Tomas Krizek requested to merge sets-delegation-to-insecure into master Oct 22, 2021

This reproduces the issue encounted in the wild by kresd, reported here: knot-resolver#679

The main point of the test is to have a delegation from secure to insecure subzone, when:

authoritative server for both zones is the same
the subzone is at least 2 labels below the parent zone apex