DNSSEC auto-dnssec issue bind-9.7.2-P3
Alan Clegg
aclegg at isc.org
Tue Jan 25 15:10:10 UTC 2011
On 1/25/2011 9:51 AM, Kalman Feher wrote:
> If the nsec3param has been removed, the automated signing will be weird if
> you are using nsec3 keys. I havent tested this scenario, since it isnt
> really a working scenario.
There is no such thing as an "nsec3 key".
If you auto-sign a zone that does not contain an NSEC3PARAM record, the
zone will be signed using NSEC.
[note that I'm leaving the rest of that mail to be responded to by
someone with more intimate knowledge of the auto-signing mechanism]
AlanC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110125/20497e3b/attachment.bin>
More information about the bind-users
mailing list