[dns-operations] signing a zone with NSEC3 records.

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Sep 10 09:14:30 UTC 2009


On Wed, Sep 09, 2009 at 01:57:37PM -0700,
 Ravi Kondamuru <ravikondamuru at gmail.com> wrote 
 a message of 153 lines which said:

> It looks like NSEC3 is a draft

That's not true, RFC 5155 has been published in march 2008.

> It is not clear which mode of operation DNS servers should be
> configured to operate in:

At least for BIND and NSD, there is nothing to configure, they accept
both and serve both (otherwise, it would be an operational nightmare).

> My understanding so far is a DNS server cannot be run in a mixed
> (supporting both NSEC and NSEC3) mode.

That's not true.



More information about the dns-operations mailing list