Bind error when switching from NSEC to NSEC3
Evan Hunt
each at isc.org
Fri Aug 14 04:44:03 UTC 2009
> dnssec-signzone incorrectly leaves NSEC records in a zone when "re-using"
> the old signed zone when changing from NSEC to NSEC3. The resulting zone
> file will contain both NSEC and NSEC3 records.
Yes. Moreover, it does the same thing when changing from NSEC3 to NSEC,
which you can do by accident far too easily--simply by forgetting the -3
flag when you re-sign. There's an open bug ticket about this, I plan to
fix it soon.
Thanks for mentioning it.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list