DNSSEC: support for single keys?
Mark Andrews
marka at isc.org
Thu Sep 12 09:22:34 UTC 2013
In message <52316C02.90504 at restena.lu>, Gilles Massen writes:
>
>
> On 09/12/2013 12:46 AM, Mark Andrews wrote:
> > In message <523080DD.6010400 at restena.lu>, Gilles Massen writes:
>
> >> I'm seeing weird things (multiple RRSIGs when enabling NSEC3) so I'd
> >> like to know if these are likely to be bugs or if I'm in unchartered
> >> territory...
> >
> > Fixed in the next maintainence release.
> >
> > 3635. [bug] Signatures were not being removed from a zone with
> > only KSK keys for a algorithm. [RT #24439]
> >
>
> Great, thanks!
>
> As long as the maintenance release is not available, are there
> workarounds? Like not using NSEC3, calling rndc signing -clear all, ...
> or will the multiple signatures turn up whenever a single KSK is present?
You can use the next maintanence release candidates on the download page.
> Gilles
>
> --
> Fondation RESTENA - DNS-LU
> 6, rue Coudenhove-Kalergi
> L-1359 Luxembourg
> tel: (+352) 424409
> fax: (+352) 422473
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list