Magic for NSEC3
Jonathan Petersson
jpetersson at garnser.se
Sat Jan 3 19:22:05 UTC 2009
Hi all,
Hopefully this post wont cause as much SPAM as my last one. About a
year ago I started looking into DNSSEC and how to work with it for
dynamic updates etc. Since only NSEC was supported, allowing whomever
to do a unauthorized zone-transfer I canceled my projects later
finding out that NSEC3 would stop the behavior.
With the release of BIND 9.6 my understanding is that NSEC3 is now
supported, however, after reading the DNSSEC ARM for 9.6 I'm pretty
clueless as whether there's any magic sauce to get NSEC3 records vs.
NSEC.
If anyone has a pointer that would be of help, I've tried using
NSEC3RSASHA1 keys without success of getting NSEC3 records.
Thx
/Jonathan
More information about the bind-users
mailing list