> I try to configure OpenDNSSEC to use the BIND daemon as the signer > (because we update the zone with RFC 2136). We also use NSEC3. > > One of the problems is that OpenDNSSEC changes the NSEC3 salt and BIND > is not told about it so cannot update NSEC3PARAM. > > Is there a way to run an arbitrary program when resalting occurs? So I > can dynupdate BIND?
Not currently. I can add this to our list of feature requests though. > Alternatively, is there a way to disable resalting (other than setting > <Resalt> to an extremely high value)? Again, not currently. I'll add both of these to our list of future work. Sion _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
