nsec3 opt-out confusion (bug report)
each at isc.org
Tue Apr 1 16:29:13 UTC 2014
> Nevertheless, it seems there are still two bugs:
> 1. The NSEC3 chain is not properly cleared when switching from
> non-opt-out to opt-out
That does seem incorrect (though under the circumstances it may
be harmless). Could you please report it to bind9-bugs at isc.org,
including details of how you made the changes?
> 2. The NSEC3PARAM record always has the opt-out flag clear, even if
> opt-out is activated.
Not a bug, as noted elsewhere.
> Finally a question: The NSEC3 RFC allows a mixed opt-out mode within a
> zone. Is this used by Bind or does Bind always either use opt-out or
BIND doesn't currently provide a mechanism for that. If it's something
you need, please send a feature request to bind-suggest at isc.org.
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users