nsec and nsec3 records
R Dicaire
kritek at gmail.com
Sun Jun 14 02:14:42 UTC 2009
On Sat, Jun 13, 2009 at 10:03 PM, Evan Hunt<each at isc.org> wrote:
> Why would you want them both? If you don't mind the drawbacks of NSEC,
> why take on the operational and computational burdens of NSEC3?
I don't know why, I'm simply not knowledgeable enough in DNSSEC deployment.
Currently I'm using bind 9.4.x, with NSEC records, but looking to move
to 9.6.1, in fact my slaves are already 9.6.1, but my master isn't
yet. I've recently read where .org has been signed, and using NSEC3. I
thought it might be a good idea to resign my zones using NSEC3, but
was unaware if both NSEC and NSEC3 were acceptable.
Is it too soon to go NSEC3? No doubt a good portion of DNSSEC-aware
resolvers arent NSEC3 capable yet, is this something I need to take
into account?
I use ISCs DLV, is NSEC3 an issue for that?
I don't grasp whats going to be involved in a move from NSEC to NSEC3.
Thanks
--
aRDy Music and Rick Dicaire present:
http://www.ardynet.com
http://www.ardynet.com:9000/ardymusic.ogg.m3u
--
aRDy Music and Rick Dicaire present:
http://www.ardynet.com
http://www.ardynet.com:9000/ardymusic.ogg.m3u
More information about the bind-users
mailing list