Bind error when switching from NSEC to NSEC3

Evan Hunt each at isc.org
Fri Aug 14 04:44:03 UTC 2009


> dnssec-signzone incorrectly leaves NSEC records in a zone when "re-using"
> the old signed zone when changing from NSEC to NSEC3. The resulting zone
> file will contain both NSEC and NSEC3 records.

Yes.  Moreover, it does the same thing when changing from NSEC3 to NSEC,
which you can do by accident far too easily--simply by forgetting the -3
flag when you re-sign.  There's an open bug ticket about this; I plan to
fix it soon.

Thanks for mentioning it.

--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
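
A check for the condition described in this thread, added here as an example; it is not code from the thread or from BIND. It scans signed-zone text for NSEC and NSEC3 records and flags a zone that carries both. The function names and the sample zone are constructed, and the parser assumes master-file text with numeric TTLs in which each record begins on its own line.

```python
import re
from collections import Counter

CHAIN_TYPES = {"NSEC", "NSEC3", "NSEC3PARAM"}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample: an NSEC3-signed zone that still carries stale NSEC records.
SAMPLE = """\
$ORIGIN example.test.
example.test.      3600 IN SOA ns.example.test. admin.example.test. (
                   2009081400 ; serial
                   3600 900 604800 3600 )
                   3600 NSEC www.example.test. NS SOA RRSIG NSEC DNSKEY
                   0 NSEC3PARAM 1 0 10 ABCD
www.example.test.  3600 IN A 192.0.2.1
                   3600 NSEC example.test. A RRSIG NSEC
8GD0.example.test. 3600 IN NSEC3 1 0 10 ABCD (
                   K3P1 A RRSIG )
"""

def record_types(zone_text):
    """Yield the RR type of every record that starts on a line of its own."""
    depth = 0  # parenthesis depth; > 0 means we are inside a multi-line record
    for raw in zone_text.splitlines():
        line = re.sub(r'"(?:\\.|[^"\\])*"', '""', raw)  # blank quoted strings
        line = line.split(";", 1)[0]                     # drop comments
        starts_record = depth == 0
        depth += line.count("(") - line.count(")")
        if not starts_record or not line.strip() or line.lstrip().startswith("$"):
            continue
        tokens = line.split()
        if not line[0].isspace():
            tokens = tokens[1:]  # owner name present; blank owner means "same as above"
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            tokens = tokens[1:]  # skip TTL and class, in either order
        if tokens:
            yield tokens[0].upper()

def denial_chain_report(zone_text):
    """Count NSEC/NSEC3/NSEC3PARAM records and flag a zone that has both chains."""
    counts = Counter(t for t in record_types(zone_text) if t in CHAIN_TYPES)
    return {"counts": dict(counts), "mixed": counts["NSEC"] > 0 and counts["NSEC3"] > 0}

if __name__ == "__main__":
    print(denial_chain_report(SAMPLE))
```

Run against the output of a re-sign, a `mixed` result of `True` means the old chain was carried over and the zone should be re-signed from the unsigned source.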
