nsec and nsec3 records
each at isc.org
Sun Jun 14 02:03:03 UTC 2009
> Can both nsec and nsec3 records be used simultaneously in a zone file,
> or is it an either/or?
Why would you want them both? If you don't mind the drawbacks of NSEC,
why take on the operational and computational burdens of NSEC3?
To answer the question, while I don't think the RFCs explicitly forbid
it, BIND9 doesn't currently support it.
We do have plans, in a future release, to allow both NSEC and NSEC3 to
exist in a zone--but only as a temporary transitional state when a zone
is being converted from one to another; it wouldn't be persistent. So,
if you were converting from NSEC to NSEC3, both chains would exist, but
as soon as the NSEC3 chain was complete the NSEC chain would be removed.
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users