DNSSEC: support for single keys?

Gilles Massen gilles.massen at restena.lu
Thu Sep 12 07:23:46 UTC 2013



On 09/12/2013 12:46 AM, Mark Andrews wrote:
> In message <523080DD.6010400 at restena.lu>, Gilles Massen writes:

>> I'm seeing weird things (multiple RRSIGs when enabling NSEC3) so I'd
>> like to know if these are likely to be bugs or if I'm in unchartered
>> territory...
> 
> Fixed in the next maintainence release.
> 
> 3635.   [bug]           Signatures were not being removed from a zone with
>                         only KSK keys for a algorithm. [RT #24439]
> 

Great, thanks!

As long as the maintenance release is not available, are there
workarounds? Like not using NSEC3, calling rndc signing -clear all, ...
or will the multiple signatures turn up whenever a single KSK is present?

Gilles

-- 
Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473


More information about the bind-users mailing list