[dns-operations] signing a zone with NSEC3 records.
Ondřej Surý
ondrej.sury at nic.cz
Thu Sep 10 12:13:38 UTC 2009
On 09/10/2009 08:50 AM, Sander Smeenk wrote:
> Quoting Samuel Weiler (weiler at watson.org):
>
> though it does grow your (signed) zonefile significantly.
Nope. NSEC3 has opt-out feature which allows you to keep down zonefile
size compared to NSEC.
Ondrej
--
Ondřej Surý
vedoucí výzkumu/R&D manager
-------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Americka 23, 120 00 Praha 2, Czech Republic
mailto:ondrej.sury at nic.cz http://nic.cz/
tel:+420.222745110 fax:+420.222745112
-------------------------------------------
More information about the dns-operations
mailing list