Hello, I was looking for the DTD or XML Schema describing the .signconf files, but failed to find them?
Anyway, it's semantics, not just syntax I'm interested in: Can we manually specify multiple NSEC3 parameter sections in .signconf files, and if we do, will the Signer create multiple NSEC3 portions of our zones? Will it be done quickly, or somehow spread over time? Background: We are preparing to migrate from shared-key policies to non-sharing, as our HSM vendor is opening up their licenses to support that form. It'd be best to do that with uninterrupted DNSSEC, and found a method for doing this by manually merging the .signconf to an intermediate format. Adding keys is clear, but NSEC3 is not. Thanks, -Rick _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
