> ...and if I'm not terribly mistaken, the three zones which have been > flagged in this way (yep, two more popped up) so far have all been > added to our OpenDNSSEC setup after we upgraded to 1.4.9.
I think there is a relation but no causation in this case. They are probably added around the same time and thus resalted at the same time. Though not entirely sure on that. I do have a possible fix ready. https://github.com/yschaeff/opendnssec/tree/double_nsec3param if you are feeling adventurous. It passes our regression tests but I wasn't able to reproduce the yet so I'm not 100 percent sure it is a fix. I think there is a window between a resalt and a manual resign or incoming zone transfer where this double nsec3param can occur. I hope that I can reproduce it soon with this new insight. //Yuri
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
