changing NSEC3 salt
Tony Finch
dot at dotat.at
Mon Mar 10 19:03:43 UTC 2014
Evan Hunt <each at isc.org> wrote:
>
> What should happen is:
>
> - the old NSEC3PARAM is removed
Isn't that a bit early? Can a secondary transfer the zone while there is
no NSEC3PARAM?
> - a private-type record is created, indicating that a
> new NSEC3 chain is being created
> - all the new NSEC3 records are added to the zone
> - the new NSEC3PARAM is created
I would have thought this should be an atomic replacement of the
NSEC3PARAM record.
> - all the old NSEC3 records are removed from the zone
> - the private-type record is cleaned up
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Malin: Southerly 4 or 5, increasing 6 at times in northwest. Moderate or
rough. Fair. Good.
More information about the bind-users
mailing list