[dns-operations] BIND version and NSEC3
Florian Weimer
fweimer at bfk.de
Fri May 15 16:17:58 UTC 2009
* Paul Gani:
> I understand BIND 9.6 is the first version that fully supports NSEC3.
> But how about if you're not interested in performing DNSSEC resolutions,
> but just want to host an NSEC3 zone? Will BIND 9.5 support creation of
> NSEC3 keys? How about hosting a NSEC3 signed zone file as either a
> master or slave?
NSEC3 requires special support in authoritative servers to work
properly. NSEC3 zones, as served by non-NSEC3 servers, do not pass
validation (by neither NSEC3- nor NSEC3-non-aware resolvers).
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the dns-operations
mailing list