> Can both nsec and nsec3 records be used simultaneously in a zone file,
> or is it an either/or?

Why would you want them both? If you don't mind the drawbacks of NSEC, why take on the operational and computational burdens of NSEC3?

To answer the question, while I don't think the RFCs explicitly forbid it, BIND9 doesn't currently support it. We do have plans, in a future release, to allow both NSEC and NSEC3 to exist in a zone--but only as a temporary transitional state when a zone is being converted from one to another; it wouldn't be persistent. So, if you were converting from NSEC to NSEC3, both chains would exist, but as soon as the NSEC3 chain was complete the NSEC chain would be removed.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users