NSEC3PARAM not honored in inline-signer mode (was Re: BIND 9.9.0 is now available)
Wolfgang Nagele
wolfgang.nagele at ausregistry.com.au
Tue Mar 6 23:33:24 UTC 2012
Hi,
> NSEC3PARAM is not supposed to be present in an unsigned zone. rndc doesn't
> add them to the zone. It tells the signing component to generate an NSEC3
> chain and when that is complete to add the NSEC3PARAM record.
Nothing says so in the specs: http://tools.ietf.org/html/rfc5155#section-4
You just add complexity by having the user enter the same information twice and possibly failing to do it right.
Cheers,
Wolfgang