bind 9.7, dnssec and multiple key directories and resalt NSEC3

Casey Deccio casey at deccio.net
Fri Jun 4 17:26:27 UTC 2010


On Fri, Jun 4, 2010 at 9:10 AM, Evan Hunt <each at isc.org> wrote:

> The way it's supposed to work is: you add the new NSEC3PARAM record,
> then wait for the new NSEC3 chain to be built.  The newly inserted record
> will, at first, have its "flags" field set to a nonzero value; this
> indicates that the chain isn't complete yet.  When the server is finished
> building the chain, it updates the newly-added NSEC3PARAM record, and
> zeroes the flags field.  At that point, it's safe to remove the old
> NSEC3PARAM record, which will cause the server to remove the old NSEC3
> chain.
>
>
This is a much more elegant solution... :)

Casey
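
The ordering Evan Hunt describes in the quoted text can be enforced with a small gate before the old record is deleted. This is an added example, not part of the original message and not ISC's code. It assumes the NSEC3PARAM rdata is supplied as `dig +short` prints it (`hash-alg flags iterations salt`); the zone name, salts and flag values in the sample data are constructed.

```shell
#!/bin/sh
# Added example: only remove the old NSEC3PARAM once the new chain is built.
# Input lines look like `dig +short NSEC3PARAM <zone>` output:
#   <hash-alg> <flags> <iterations> <salt>

# chain_state RDATA_LINES SALT
# Prints "complete" if the record with SALT has flags 0, "building" if its
# flags are nonzero, "absent" if no record carries that salt.
chain_state() {
    printf '%s\n' "$1" | awk -v salt="$2" '
        BEGIN { state = "absent" }
        NF == 4 && toupper($4) == toupper(salt) {
            state = ($2 == 0) ? "complete" : "building"
        }
        END { print state }'
}

# removal_script ZONE RDATA_LINES OLD_SALT NEW_SALT
# Emits nsupdate commands that delete the old NSEC3PARAM record, but only
# when the new record's flags field is zero. Otherwise prints nothing and
# returns 1, so the old chain stays in place.
removal_script() {
    zone=$1; rdata=$2; old=$3; new=$4
    [ "$(chain_state "$rdata" "$new")" = "complete" ] || return 1
    old_rr=$(printf '%s\n' "$rdata" | awk -v salt="$old" \
        'NF == 4 && toupper($4) == toupper(salt) { print; exit }')
    [ -n "$old_rr" ] || return 1
    printf 'update delete %s NSEC3PARAM %s\nsend\n' "$zone" "$old_rr"
}

# Constructed sample data (not captured from a real server).
# BUILDING: new salt BBBB2222 was just added, flags still nonzero.
BUILDING='1 0 10 AAAA1111
1 128 10 BBBB2222'
# DONE: the server has zeroed the flags of the new record.
DONE='1 0 10 AAAA1111
1 0 10 BBBB2222'

# Live use (assumed setup: local server, TSIG key in ./update.key):
#   removal_script example.com. \
#       "$(dig +short NSEC3PARAM example.com. @127.0.0.1)" \
#       AAAA1111 BBBB2222 | nsupdate -k ./update.key
```

With the `BUILDING` sample the function returns 1 and emits nothing; with `DONE` it emits the `update delete` for the old salt followed by `send`.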