[Opendnssec-user] Disabling resalting?
sion at nominet.org.uk
sion at nominet.org.uk
Mon Feb 22 14:41:26 UTC 2010
> I try to configure OpenDNSSEC to use the BIND daemon as the signer
> (because we update the zone with RFC 2136). We also use NSEC3.
>
> One of the problems is that OpenDNSSEC changes the NSEC3 salt and BIND
> is not told about it so cannot update NSEC3PARAM.
>
> Is there a way to run an arbitrary program when resalting occurs? So I
> can dynupdate BIND?
Not currently. I can add this to our list of feature requests though.
> Alternatively, is there a way to disable resalting (other than setting
> <Resalt> to an extremely high value)?
Again, not currently.
I'll add both of these to our list of future work.
Sion
More information about the Opendnssec-user
mailing list