DNSSEC auto-dnssec issue bind-9.7.2-P3
aclegg at isc.org
Tue Jan 25 15:10:10 UTC 2011
On 1/25/2011 9:51 AM, Kalman Feher wrote:
> If the nsec3param has been removed, the automated signing will be weird if
> you are using nsec3 keys. I havent tested this scenario, since it isnt
> really a working scenario.
There is no such thing as an "nsec3 key".
If you auto-sign a zone that does not contain an NSEC3PARAM record, the
zone will be signed using NSEC.
[note that I'm leaving the rest of that mail to be responded to by
someone with more intimate knowledge of the auto-signing mechanism]
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 260 bytes
Desc: OpenPGP digital signature
More information about the bind-users