Hi!
We have a setup with Powerdns between a bind master and bind
secondaries. The master signs the zone without "opt-out". Thus, the
NSEC3 records in the zone transfer from master->PDNS haev the NSEC3 flag
set to 0. When the bind secondaries transfer the zone from PDNS, the
NSEC3 records all have the NSEC3 flag set to 1 (opt-out). Of course this
breaks the signature of the NSEC3 RR.
Is this a known issue? Is there a config option to fix this?
Thanks
Klaus
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
