[Opendnssec-user] auditor bug: NSEC includes SSHFP which is not in rrsets for git.foo.com.

Paul Wouters paul at nohats.ca
Wed Feb 8 19:14:48 UTC 2012

On Wed, 8 Feb 2012, Matthijs Mekking wrote:

> Hi Paul,
> I just tried it with my own zone, but the signer does not include the
> SSHFP RRtype in the NSEC and so the auditor has nothing to complain about.
> Which version are you using?


It might work with other records too. Try using an MX record, then
changing the entry to CNAME and removing the MX.


More information about the Opendnssec-user mailing list