Hi HÃ¥vard, > it looks like the earlier problem I've had with a failure to remove > the old NSEC3PARAM resource records in a re-salt event is back again, > this time with OpenDNSSEC 1.4.10.
We have been able to reproduce the problem today. The offending sequence of events is: - ods-signer retransfer (do an AXFR) - Perform a resalt NSEC3PARAM record gets a special treatment during XFR since it is generated by OpenDNSSEC and it is not expected from the input zone. When processing changes after a AXFR the NSEC3PARAM record is skipped. This however causes any existing NSEC3PARAM record marked as 'added'. Later in the NSEC3 generate stage this causes the existing record to stay in the zone. Triggering your case. I do have a patch that works but we still have to evaluate if it is entirely correct. Regards, Yuri
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
