Hi, As said, we are planning to use OpenDNSSEC to manage siging our zone and like to use NSEC3. Looking around for best practices about NSEC3, one thing that comes back a lot is to resalt your NSEC3 records each time you resign the corresponding RR-set.
Now if I read the OpenDNSSEC docs correctly, then it only supports setting a interval when to resalt, but that does not really is useful when you are using jitter in the signing part of the configuration. How difficult would it be to support resalting at the same time that resigning is done ? Thanks, Tim -- Tim Verhoeven - [email protected] - 0479 / 88 11 83 Hoping the problem magically goes away by ignoring it is the "microsoft approach to programming" and should never be allowed. (Linus Torvalds) _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
