[Opendnssec-user] Disabling resalting?

sion at nominet.org.uk sion at nominet.org.uk
Mon Feb 22 14:41:26 UTC 2010

> I try to configure OpenDNSSEC to use the BIND daemon as the signer
> (because we update the zone with RFC 2136). We also use NSEC3.
> One of the problems is that OpenDNSSEC changes the NSEC3 salt and BIND
> is not told about it so cannot update NSEC3PARAM.
> Is there a way to run an arbitrary program when resalting occurs? So I
> can dynupdate BIND?

Not currently. I can add this to our list of feature requests though.

> Alternatively, is there a way to disable resalting (other than setting
> <Resalt> to an extremely high value)?

Again, not currently.

I'll add both of these to our list of future work.


More information about the Opendnssec-user mailing list