[Opendnssec-user] NSEC3PARAM and OPTOUT

Emil Natan shlyoko at gmail.com
Tue Dec 23 14:11:20 UTC 2014


This one is easy to reproduce.
ods-ksmutil -V
opendnssec version 1.4.6

From kasp.xml:
                                        <Salt length="8"/>

When the zonefile is signed, the NSEC3PARAM flag indicates OPT-OUT disabled
(when it's enabled in the configuration).

test.org.       0       IN      NSEC3PARAM      1 0 10 e5d234b3dc0e03a3

The NSEC3 records though have it right.

pufepsta7kv6r1uo2t3nchdkqpdhaqak.test.org.      86400   IN      NSEC3   1 1 10 e5d234b3dc0e03a3  8a2j6ietl8fhltcfp1l25mf7qfu6dt69 A NS SOA MX RRSIG

Can someone else confirm that behavior?

Happy holidays,
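
An added example (not part of the original post and not OpenDNSSEC code): a stdlib-only Python check that reads the flags field of the NSEC3PARAM and NSEC3 records in signed zone output. It follows RFC 5155, where section 4.1.2 sets the NSEC3PARAM flags to zero and section 3.1.2.1 carries Opt-Out in the NSEC3 flags; the function names and the one-record-per-line input are assumptions.

```python
OPT_OUT = 0x01  # RFC 5155 3.1.2.1: Opt-Out is the low bit of the NSEC3 flags octet
CLASSES = {"IN", "CH", "HS"}

# Constructed sample input: the two records quoted in the post, one per line.
SAMPLE_ZONE = """\
test.org. 0 IN NSEC3PARAM 1 0 10 e5d234b3dc0e03a3
pufepsta7kv6r1uo2t3nchdkqpdhaqak.test.org. 86400 IN NSEC3 1 1 10 e5d234b3dc0e03a3 8a2j6ietl8fhltcfp1l25mf7qfu6dt69 A NS SOA MX RRSIG
"""

def parse_nsec3_records(zone_text):
    """Parse NSEC3/NSEC3PARAM records (assumed: one per line, owner name present)."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        i = 1  # skip the owner, then any TTL / class tokens, to reach the type
        while i < len(fields) and (fields[i].isdigit() or fields[i].upper() in CLASSES):
            i += 1
        if i >= len(fields) or fields[i].upper() not in ("NSEC3", "NSEC3PARAM"):
            continue  # other types, including RRSIGs that cover NSEC3
        rdata = fields[i + 1:]
        if len(rdata) < 4:
            continue  # incomplete record
        records.append({
            "owner": fields[0], "type": fields[i].upper(),
            "alg": int(rdata[0]), "flags": int(rdata[1]),
            "iterations": int(rdata[2]),
            "salt": "" if rdata[3] == "-" else rdata[3].lower(),
        })
    return records

def check_zone(zone_text):
    """Count opt-out NSEC3 records and report parameter problems."""
    recs = parse_nsec3_records(zone_text)
    params = [r for r in recs if r["type"] == "NSEC3PARAM"]
    chain = [r for r in recs if r["type"] == "NSEC3"]
    findings = []
    for p in params:
        if p["flags"] != 0:
            findings.append("NSEC3PARAM flags=%d, RFC 5155 4.1.2 requires 0" % p["flags"])
        for n in chain:
            # Hash algorithm, iterations and salt must agree with the NSEC3PARAM.
            if any(n[k] != p[k] for k in ("alg", "iterations", "salt")):
                findings.append("%s does not match NSEC3PARAM" % n["owner"])
    opt_out = sum(1 for n in chain if n["flags"] & OPT_OUT)
    return {"nsec3": len(chain), "opt_out": opt_out, "findings": findings}

if __name__ == "__main__":
    print(check_zone(SAMPLE_ZONE))
```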