Am Freitag, den 26.06.2015, 09:53 +0200 schrieb Peter J. Philipp:
> I can't find the -3 - option to generate NSEC3 RR's with
> dnssec-signzone. Am I reading the manual page wrong or is this a
> missing feature? If it is I'll probably leave NSEC3 out.
That's because old OpenBSD used an old version of ISC Bind (and thus an
old version of dnssec-tools).
Solution 1 (ISC): Get a newer version of bind from ports. You do not
need to use the bind itself, it's the /usr/local/bin/dnssec-signzone,
you're looking for.
Solution 2 (NLnet Labs): Get ldns from ports.
Cheers
David
