[Opendnssec-user] NSEC3 failure?

Havard Eidnes he at uninett.no
Sun Apr 3 22:12:39 UTC 2016


>> ...and if I'm not terribly mistaken, the three zones which have been
>> flagged in this way (yep, two more popped up) so far have all been
>> added to our OpenDNSSEC setup after we upgraded to 1.4.9.
>
> I think there is a relation but no causation in this case. They are
> probably added around the same time and thus resalted at the same time.
> Though not entirely sure on that.

Could very well be.  A couple of new zones came up with this
problem, and they didn't share the commonality with the others.

> I do have a possible fix ready.
> https://github.com/yschaeff/opendnssec/tree/double_nsec3param if you are
> feeling adventurous. It passes our regression tests but I wasn't able to
> reproduce the yet so I'm not 100 percent sure it is a fix.

Thanks!  I'm now running with this patch, we'll see in a while if
it's helped.

Regards,

- Håvard



More information about the Opendnssec-user mailing list