[Pdns-users] Slave Zones and Presigned Zones

Christof Meerwald cmeerw at cmeerw.org
Sat Jun 11 13:16:14 UTC 2011


On Sat, 11 Jun 2011 22:11:57 +1200, Craig Whitmore wrote:
[...]
> And testing if everything worked out.. Except it sets the options
> differently that if I typed "pdnssec set-nsec3 spam.co.nz" I have no idea
> what the difference is but it still passes the dig tests I do...

I have to say that I am a bit confused now. The difference is that the
opt-out flag is set to zero on the slave, but that's what
http://tools.ietf.org/html/rfc5155#section-4.1.2 says.

So I don't understand how a zone transfer is supposed to work when the
flag is always set to zero in the NSEC3PARAM record...


Christof

-- 

http://cmeerw.org                              sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org                   xmpp:cmeerw at cmeerw.org



More information about the Pdns-users mailing list