[Pdns-users] NSEC3 opt-out issues in PDNS 3.2
Klaus Darilion
klaus.mailinglists at pernau.at
Wed Mar 27 17:06:10 UTC 2013
Hi!
We have a setup with Powerdns between a bind master and bind
secondaries. The master signs the zone without "opt-out". Thus, the
NSEC3 records in the zone transfer from master->PDNS haev the NSEC3 flag
set to 0. When the bind secondaries transfer the zone from PDNS, the
NSEC3 records all have the NSEC3 flag set to 1 (opt-out). Of course this
breaks the signature of the NSEC3 RR.
Is this a known issue? Is there a config option to fix this?
Thanks
Klaus
More information about the Pdns-users
mailing list