[dns-operations] BIND version and NSEC3

Florian Weimer fweimer at bfk.de
Fri May 15 16:17:58 UTC 2009

* Paul Gani:

> I understand BIND 9.6 is the first version that fully supports NSEC3.
> But how about if you're not interested in performing DNSSEC resolutions,
> but just want to host an NSEC3 zone?  Will BIND 9.5 support creation of
> NSEC3 keys?  How about hosting a NSEC3 signed zone file as either a
> master or slave?

NSEC3 requires special support in authoritative servers to work
properly.  NSEC3 zones, as served by non-NSEC3 servers, do not pass
validation (by neither NSEC3- nor NSEC3-non-aware resolvers).

Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

More information about the dns-operations mailing list