Received: from mx.ams1.isc.org (mx.ams1.isc.org [199.6.1.65]) by bugs.isc.org (Postfix) with ESMTP id 253092D20571 for <bind9-bugs@bugs.isc.org>; Thu,  4 Sep 2014 23:11:17 +0000 (UTC)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) by mx.ams1.isc.org (Postfix) with ESMTP id 8B9C51FCBC8 for <bind9-bugs@isc.org>; Thu,  4 Sep 2014 23:11:14 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 7133F160068 for <bind9-bugs@isc.org>; Thu,  4 Sep 2014 23:13:56 +0000 (UTC)
Received: from rock.dv.isc.org (c211-30-183-50.carlnfd1.nsw.optusnet.com.au [211.30.183.50]) by zmx1.isc.org (Postfix) with ESMTPSA id 456B7160052 for <bind9-bugs@isc.org>; Thu,  4 Sep 2014 23:13:56 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id A01BB1E6D363 for <bind9-bugs@isc.org>; Fri,  5 Sep 2014 09:11:12 +1000 (EST)
Delivered-To: bind9-bugs@bugs.isc.org
Subject: this should not validate but it does.
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.0
Return-Path: <marka@isc.org>
X-Original-To: bind9-bugs@bugs.isc.org
Date: Fri, 05 Sep 2014 09:11:12 +1000
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.ams1.isc.org
Message-ID: <20140904231112.A01BB1E6D363@rock.dv.isc.org>
To: bind9-bugs@isc.org
From: Mark Andrews <marka@isc.org>
X-RT-Original-Encoding: ascii
content-type: text/plain; charset="utf-8"
Content-Length: 2242


The mail2.clarion-hotels.cz NSEC proves that mail2.clarion-hotels.cz exist
so the wildcard (*.clarion-hotels.cz) should not match.

Mark

; <<>> DiG 9.11.0pre-alpha <<>> _tcp.mail2.clarion-hotels.cz tlsa +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18595
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 6, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;_tcp.mail2.clarion-hotels.cz.	IN	TLSA

;; ANSWER SECTION:
_tcp.mail2.clarion-hotels.cz. 1778 IN	CNAME	clarion-hotels.cz.
_tcp.mail2.clarion-hotels.cz. 1778 IN	RRSIG	CNAME 5 2 1800 20140924121306 20140825121306 13077 clarion-hotels.cz. M8OQ5fcnOYPX2XXvV9Cgefkjv2AHYFLAMeDfUpBuSk1PBFG6s/4tMSLb C/0r72TOjZupOHe5vizyzamAcE6m7dA4tlXGlWkTapf95lKFRokqjQow eRESgmZSS/b43jgxLv/+FRsu3rYnz77j3cC413qBn0PDDKLbepk0YEZC yTk=

;; AUTHORITY SECTION:
mail2.clarion-hotels.cz. 1778	IN	NSEC	clarion-hotels.cz. A RRSIG NSEC
mail2.clarion-hotels.cz. 1778	IN	RRSIG	NSEC 5 3 3600 20140924121306 20140825121306 13077 clarion-hotels.cz. WlUUsb1EqhP5mUfJ5DXpxvVs7Tw4h5802WCwXy4B2NByTbj3SfurhbV7 HBxPFA/I5OR4VkbWsFr7LlOpb93xRmEXt98afdrzzrKIgMIoNHu4oHDe ykeuV/7epjuHOxpZUKtfhe48ktKZ0NRievAyCUxiJA8evpgifR7AKKqS yGA=
clarion-hotels.cz.	1625	IN	SOA	ns.forpsi.net. admin.forpsi.com. 2014082501 3600 1800 2592000 3600
clarion-hotels.cz.	1625	IN	RRSIG	SOA 5 2 3600 20140924121306 20140825121306 13077 clarion-hotels.cz. F5DurWWNlg9zQrvFMQrdNNjH58Zv/TTVBQSOtslMYlwXWp3ZcJGCC1Ra veDuerwFv5dQUsBQIJpQc5eZmyXXH8YA5rOLBK1x19ej0hl1T3yi3pG6 4SJFCrzSIIFVKzX7nKDtfnFK/Zq3X6db7oh9I+gpNnyojuDCccuQNwov kQw=
clarion-hotels.cz.	1625	IN	RRSIG	NSEC 5 2 3600 20140924121306 20140825121306 13077 clarion-hotels.cz. OOeXzp0449w2dXf6zdvnidH69d27+9kPH6fJP9CK+coXuMiZ7WwheIn8 qZrhqYPu9xrnpgmYYkOeuaWDq2b+7rxKzzJTw/0hAjjO8vKRMr2sPyNi CpM2btBTM2FrKZvFJZegMYafo37QH05cg47hXAjEiyEYCMlJfNmMx+AN le8=
clarion-hotels.cz.	1625	IN	NSEC	*.clarion-hotels.cz. A NS SOA MX RRSIG NSEC DNSKEY

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 05 09:06:45 EST 2014
;; MSG SIZE  rcvd: 925

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:	+61 2 9871 4742		         INTERNET: marka@isc.org