NSEC3PARAM not honored in inline-signer mode (was Re: BIND 9.9.0 is now available)

Wolfgang Nagele wolfgang.nagele at ausregistry.com.au
Tue Mar 6 06:48:24 UTC 2012


>   "auto-dnssec" zones can now have NSEC3 parameters set prior
>   to signing. [RT #23684]
According to the docs it should be possible to set NSEC3PARAM on the unsigned version when using inline-signer mode. The signing BIND 9.9 should then decide to use NSEC3, which salt, opt-out, etc. based on this. I have tried this and could not get it to work. The only way to use NSEC3 with the inline signer atm is to run 'rndc -nsec3param' once the zone has been configured. Any hints?


Wolfgang Nagele
Senior Systems and Network Administrator
AusRegistry Pty Ltd
Level 8, 10 Queens Road
Melbourne, Victoria, Australia, 3004
Phone +61 3 9090 1756
Email: wolfgang.nagele at ausregistry.com.au
Web: www.ausregistry.com.au

The information contained in this communication is intended for the named recipients only. It is subject to copyright and may contain legally privileged and confidential information and if you are not an intended recipient you must not use, copy, distribute or take any action in reliance on it. If you have received this communication in error, please delete all copies from your system and notify us immediately.

More information about the bind-users mailing list