+--On 14 juillet 2010 18:38:44 +0200 Matthijs Mekking <matth...@nlnetlabs.nl> wrote: | -----BEGIN PGP SIGNED MESSAGE----- | Hash: SHA1 | | Hi Mathieu, | | I believe that it is correct that the signer puts that much NSEC3 | records in the zone. It has two for the domain names | d.0.1.f.f.8.f.4.2.0.0.2.ip6.arpa. and | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.0.1.f.f.8.f.4.2.0.0.2.ip6.arpa. | | and 19 for the empty non-terminals that exist between these two domain | names. | | So perhaps the auditor is complaining unjust.
Well, that was my point to begin with, there are either too many nsec3 thingies, or the auditor has a bug :-) -- Mathieu Arnold _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user