DNSSEC auto-dnssec issue bind-9.7.2-P3

Alan Clegg aclegg at isc.org
Tue Jan 25 15:10:10 UTC 2011

On 1/25/2011 9:51 AM, Kalman Feher wrote:

> If the nsec3param has been removed, the automated signing will be weird if
> you are using nsec3 keys. I havent tested this scenario, since it isnt
> really a working scenario.

There is no such thing as an "nsec3 key".

If you auto-sign a zone that does not contain an NSEC3PARAM record, the
zone will be signed using NSEC.

[note that I'm leaving the rest of that mail to be responded to by
someone with more intimate knowledge of the auto-signing mechanism]


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110125/20497e3b/attachment.bin>

More information about the bind-users mailing list