Hello, My knot 3.4.3 gives me following notice : notice: config, policy 'rail_policy' depends on default nsec3-salt-length=8, since version 3.5 the default becomes 0
In order to avoid problems when .5 will arrive, I see 2 possibilities: * add an explicit nsec3-salt-length=8 to my policy * add an explicit nsec3-salt-length=0 to my policy and resign the zone. >From >https://www.ietf.org/archive/id/draft-ietf-dnsop-nsec3-guidance-10.html#name-salt I understand that 0 should be the new configuration, but what are the risks (considering eg. DNS caches) if I change the policy of the zone? I only have small zones, with very few dynamic changes, which I can delay for the time of the TTL if needed. -- Erwan David --
