We cannot ship the current sha1 implementation as we previously discussed. We need to import BIND9 code or other safe code, or skip nsec3 this time. Sent from my iPhone