Strange issue with signed zone

Peter Andreev andreev.peter at
Fri Nov 9 06:05:49 UTC 2012

Hi everybody!

We signed another zone and met the same problem again. The only
difference is algorithm - now it is RSASHA256.

> We have ~30 servers running BIND (9.8, 9.7, 9.6). A week ago we
> signed first of our zones with RSA/SHA1 + NSEC3 + OPT-OUT.
> Recently we realised that our servers don't generate NSEC3 for signed zone.
> Problem has gone after we restarted BIND instances.

We are using views, could it be related?


More information about the bind-users mailing list