[dns-operations] signing a zone with NSEC3 records.
bortzmeyer at nic.fr
Thu Sep 10 09:14:30 UTC 2009
On Wed, Sep 09, 2009 at 01:57:37PM -0700,
Ravi Kondamuru <ravikondamuru at gmail.com> wrote
a message of 153 lines which said:
> It looks like NSEC3 is a draft
That's not true, RFC 5155 has been published in march 2008.
> It is not clear which mode of operation DNS servers should be
> configured to operate in:
At least for BIND and NSD, there is nothing to configure, they accept
both and serve both (otherwise, it would be an operational nightmare).
> My understanding so far is a DNS server cannot be run in a mixed
> (supporting both NSEC and NSEC3) mode.
That's not true.
More information about the dns-operations