-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Rick,
If multiple NSEC3 specifications are configured, the signer will error. If a new one is configured, the signer will remove all old NSEC3s and nsecify the whole zone with the new NSEC3 specifications. Gradual NSEC(3) transition is on the radar, but has not yet been implemented. Best regards, Matthijs On 01/26/2011 12:18 PM, Rick van Rein wrote: > Hi Jakob / Matthijs, > >> http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/conf/signconf.rnc >> installed as PREFIX/share/opendnssec/signconf.{rng,rnc}. > > Jakob, I'd forgotten it was in an indirect format, thanks. > >>From this, I see there's one NSEC or NSEC3 specification per zone. > > Matthijs, what happens is .signconf starts to claim another NSEC3 > than it used to? Is it immediately handled, or gradually at some > pace? How do we know when it is done, how do we speed it up? > > Thanks, > -Rick -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNQBN9AAoJEA8yVCPsQCW5magIAKvrBCd20xpt9H6lDVLrU18c w9N/xceKFrQ02hy5opep85oIxDzIZoWLStlvvipE/Mn2k+yoqW7G5b7vIHLKq+Qj VnhT9ApHJW+lWvEmfr0hLQNytCtZMjvw96mOKmMGYEiX1BAwIJuc9y75FljE1WIy JIGSAdcdTplgbmAhzCWAYrpQS6vVVA8nLs96n/y5+Bazsl+vWaZ3aaTqlMWyCTFx pkrga4buKpsz24OD4qj4bWgE8IpDOeyv8YKaMf18YZm27JyOnpQA19UC4QaUqzgq YPxyVhszBKPbz+uvqGl07zpusVS/Tge7jekrJx+gkSnAy+kgU/BvC7NVMdQZApA= =sG96 -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
