Hi William, On Sat, 9 Jan 2016 13:41:51 -0600 Nick Williams <[email protected]> wrote:
> I can’t think of anything I missed. And, clearly, PowerDNS is > correctly generating NSEC3 records. But it’s not signing those > records. This is because the zone is presigned, PowerDNS cannot generate the signatures on the NSEC records, as it assumes the NSEC records and RRSIGs are in place (as presigned zone most likely don't have the key material online). This is the case when e.g. a zone is slaved or signed using opendnssec. -- Pieter Lexis PowerDNS.COM BV -- https://www.powerdns.com _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
