nsec3 in bind 9.7
Evan Hunt
each at isc.org
Sat Feb 20 04:07:24 UTC 2010
> NSEC only DNSKEYs and NSEC3 chains not allowed
That should've been worded or at least punctuated better. "NSEC-only
DNSKEYs not allowed with NSEC3 chains", perhaps. It means you're using
at least one DNSKEY with an algorithm that predates NSEC3, and therefore
your zone can't have a valid NSEC3 chain. Use "dnssec-keygen -3" to
generate your keys.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list