Strange issue with signed zone

Peter Andreev andreev.peter at
Wed Oct 26 09:59:37 UTC 2011


We have ~30 servers running BIND (9.8, 9.7, 9.6). A week ago we have
signed first of our zones with RSA/SHA1 + NSEC3 + OPT-OUT.
Recently we realised that our servers don't generate NSEC3 for signed zone.
Problem has gone after we restarted BIND instances.

Is described behaviour normal for BIND or not?


More information about the bind-users mailing list