[Pdns-users] Slave Zones and Presigned Zones
Christof Meerwald
cmeerw at cmeerw.org
Sat Jun 11 13:16:14 UTC 2011
On Sat, 11 Jun 2011 22:11:57 +1200, Craig Whitmore wrote:
[...]
> And testing if everything worked out.. Except it sets the options
> differently that if I typed "pdnssec set-nsec3 spam.co.nz" I have no idea
> what the difference is but it still passes the dig tests I do...
I have to say that I am a bit confused now. The difference is that the
opt-out flag is set to zero on the slave, but that's what
http://tools.ietf.org/html/rfc5155#section-4.1.2 says.
So I don't understand how a zone transfer is supposed to work when the
flag is always set to zero in the NSEC3PARAM record...
Christof
--
http://cmeerw.org sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org xmpp:cmeerw at cmeerw.org
More information about the Pdns-users
mailing list