[Opendnssec-user] Multiple NSEC3 in signconf?

Matthijs Mekking matthijs at NLnetLabs.nl
Wed Jan 26 12:28:46 UTC 2011


Hi Rick,

If multiple NSEC3 specifications are configured, the signer will error.
If a new one is configured, the signer will remove all old NSEC3s and
nsecify the whole zone with the new NSEC3 specifications.

Gradual NSEC(3) transition is on the radar, but has not yet been
implemented.

Best regards,

Matthijs

On 01/26/2011 12:18 PM, Rick van Rein wrote:
> Hi Jakob / Matthijs,
> 
>> http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/conf/signconf.rnc
>> installed as PREFIX/share/opendnssec/signconf.{rng,rnc}.
> 
> Jakob, I'd forgotten it was in an indirect format, thanks.
> 
> From this, I see there's one NSEC or NSEC3 specification per zone.
> 
> Matthijs, what happens if .signconf starts to claim another NSEC3
> than it used to?  Is it immediately handled, or gradually at some
> pace?  How do we know when it is done, how do we speed it up?
> 
> Thanks,
>  -Rick