- Original Message -
I have just set up DNSSEC on bind 9.9.3. I had set up the zone and
put a DS record out at the registrar. Several days later I found
that I had set up the keys incorrectly using only NSEC verses NSEC3
so i changed the keys. I deleted the old keys and DS record,
- Original Message -
Firstly you should not use NSEC3 unless you NEED to use NSEC3, NSEC
is more than sufficient for most zones. NSEC3 is more expensive
for both servers and clients. 99.999% of zones (forward and reverse)
DO NOT need to use NSEC3. They derive NO benefit from
I have just set up DNSSEC on bind 9.9.3. I had set up the zone and put a DS
record out at the registrar. Several days later I found that I had set up the
keys incorrectly using only NSEC verses NSEC3 so i changed the keys. I deleted
the old keys and DS record, and had bind resign everything
In message c27f9adb-21a3-445d-87bc-a97374e62...@cnri.reston.va.us, Stanley We
ilnau writes:
I have just set up DNSSEC on bind 9.9.3. I had set up the zone and put a DS
record out at the registrar. Several days later I found that I had set up th
e keys incorrectly using only NSEC verses
4 matches
Mail list logo