DNSSEC: support for single keys?
Gilles Massen
gilles.massen at restena.lu
Thu Sep 12 07:23:46 UTC 2013
On 09/12/2013 12:46 AM, Mark Andrews wrote:
> In message <523080DD.6010400 at restena.lu>, Gilles Massen writes:
>> I'm seeing weird things (multiple RRSIGs when enabling NSEC3) so I'd
>> like to know if these are likely to be bugs or if I'm in unchartered
>> territory...
>
> Fixed in the next maintainence release.
>
> 3635. [bug] Signatures were not being removed from a zone with
> only KSK keys for a algorithm. [RT #24439]
>
Great, thanks!
As long as the maintenance release is not available, are there
workarounds? Like not using NSEC3, calling rndc signing -clear all, ...
or will the multiple signatures turn up whenever a single KSK is present?
Gilles
--
Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473
More information about the bind-users
mailing list