[Opendnssec-user] NSEC3 failure?
Havard Eidnes
he at uninett.no
Fri Apr 1 08:31:26 UTC 2016
Hm,
seems I need to follow up on my own posting, as I see that all
the three "bad" zones have *two* NSEC3PARAM records:
255.39.128.in-addr.arpa. 0 IN NSEC3PARAM 1 0 5 45F39B9A60C14581
255.39.128.in-addr.arpa. 0 IN NSEC3PARAM 1 0 5 D9E0ED2449E3721D
while the good one only has one:
255.39.128.in-addr.arpa. 0 IN NSEC3PARAM 1 0 5 45F39B9A60C14581
I bet that's what's causing BIND's dnssec-verify to balk at the
"bad" zones.
Regards,
- Håvard
More information about the Opendnssec-user
mailing list