[dns-operations] How can BIND find itself that I used NSEC3 with opt-out?
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Nov 18 13:39:00 UTC 2009
On Wed, Nov 18, 2009 at 01:21:04PM +0000,
John Dickinson <jad at jadickinson.co.uk> wrote
a message of 82 lines which said:
> > 1) Why does RFC 5155 prevent the use of the opt-out flag?
>
> Because the secondaries don't care about opt-out in order to serve
> the correct RR's.

OK but, then, why have an Opt-Out flag at all in the NSEC3PARAM
resource record?

> > 2) How can BIND find by itself that I use opt-out?
>
> If there is a signer in bind then there needs to be a setting in the
> bind zone clause (I guess) that tells it what to do when signing
> dynamic updates.

I cannot find such an option in the ARM, even with grep's help. Does
anyone know its name?