[Opendnssec-user] Disabling resalting?

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Feb 22 10:54:27 UTC 2010

I try to configure OpenDNSSEC to use the BIND daemon as the signer
(because we update the zone with RFC 2136). We also use NSEC3.

One of the problems is that OpenDNSSEC changes the NSEC3 salt and BIND
is not told about it so cannot update NSEC3PARAM.

Is there a way to run an arbitrary program when resalting occurs? So I
can dynupdate BIND?

Alternatively, is there a way to disable resalting (other than setting
<Resalt> to an extremely high value)?

More information about the Opendnssec-user mailing list