On Sat, Jun 13, 2009 at 10:03 PM, Evan Hunt<e...@isc.org> wrote: > Why would you want them both? If you don't mind the drawbacks of NSEC, > why take on the operational and computational burdens of NSEC3?
I don't know why, I'm simply not knowledgeable enough in DNSSEC deployment. Currently I'm using bind 9.4.x, with NSEC records, but looking to move to 9.6.1, in fact my slaves are already 9.6.1, but my master isn't yet. I've recently read where .org has been signed, and using NSEC3. I thought it might be a good idea to resign my zones using NSEC3, but was unaware if both NSEC and NSEC3 were acceptable. Is it too soon to go NSEC3? No doubt a good portion of DNSSEC-aware resolvers arent NSEC3 capable yet, is this something I need to take into account? I use ISCs DLV, is NSEC3 an issue for that? I don't grasp whats going to be involved in a move from NSEC to NSEC3. Thanks -- aRDy Music and Rick Dicaire present: http://www.ardynet.com http://www.ardynet.com:9000/ardymusic.ogg.m3u -- aRDy Music and Rick Dicaire present: http://www.ardynet.com http://www.ardynet.com:9000/ardymusic.ogg.m3u _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
