[Opendnssec-user] auditor bug: NSEC includes SSHFP which is not in rrsets for git.foo.com.

[Paul Wouters]

On Wed, 8 Feb 2012, Matthijs Mekking wrote:

> Hi Paul,
>
> I just tried it with my own zone, but the signer does not include the
> SSHFP RRtype in the NSEC and so the auditor has nothing to complain about.
>
> Which version are you using?

opendnssec-1.3.4-1.el6.x86_64

It might work with other records too. Try using an MX record, then
changing the entry to CNAME and removing the MX.

Paul