> dnssec-signzone incorrectly leaves NSEC records in a zone when "re-using"
> the old signed zone when changing from NSEC to NSEC3. The resulting zone
> file will contain both NSEC and NSEC3 records.

Yes. Moreover, it does the same thing when changing from NSEC3 to NSEC,
which you can do by accident far too easily--simply by forgetting the -3
flag when you re-sign.

There's an open bug ticket about this, I plan to fix it soon. Thanks for
mentioning it.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
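
A post-signing check for the condition discussed in this thread, added here as an example (it is not code from the message or from BIND): it parses a signed zone in master-file format and reports whether both NSEC and NSEC3 material are present. The function names and the sample zone are constructed for illustration, and the signer's output is assumed to be ordinary master-file text.

```python
import re

CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"^(\d+[smhdw]?)+$", re.I)            # 3600, 1h, 1h30m
COMMENT_RE = re.compile(r'("(?:\\.|[^"\\])*"|\\.)|;.*')   # keep quoted/escaped ';'

def records(zone_text):
    """Yield (owner, type, rdata tokens) per RR, joining '( ... )' continuations."""
    owner, buf, depth = None, "", 0
    for raw in zone_text.splitlines():
        line = COMMENT_RE.sub(lambda m: m.group(1) or "", raw)
        depth += line.count("(") - line.count(")")   # parens inside quotes not handled
        buf += line.replace("(", " ").replace(")", " ") + " "
        if depth > 0:
            continue
        inherits, tokens, buf = buf[:1].isspace(), buf.split(), ""
        if not tokens or tokens[0].startswith("$"):
            continue                      # blank line or $ORIGIN/$TTL directive
        if not inherits:                  # a name in column 0 sets the owner
            owner, tokens = tokens[0], tokens[1:]
        while tokens and (tokens[0].upper() in CLASSES or TTL_RE.match(tokens[0])):
            tokens = tokens[1:]           # skip optional TTL and class
        if tokens:
            yield owner, tokens[0].upper(), tokens[1:]

def denial_chains(zone_text):
    """Map 'NSEC'/'NSEC3' to the owners carrying that record or an RRSIG over it."""
    found = {}
    for owner, rrtype, rdata in records(zone_text):
        covered = rdata[0].upper() if rrtype == "RRSIG" and rdata else rrtype
        if covered in ("NSEC", "NSEC3"):
            found.setdefault(covered, set()).add(owner)
    return found

def is_mixed(zone_text):
    return {"NSEC", "NSEC3"} <= set(denial_chains(zone_text))

# Constructed, shortened sample (not real dnssec-signzone output).
MIXED = """\
$ORIGIN example.test.
@   3600 IN SOA ns1 hostmaster (
        2024010101 ; serial
        7200 3600 1209600 3600 )
    3600 NSEC www.example.test. NS SOA RRSIG NSEC
www 3600 IN A 192.0.2.1
    3600 RRSIG NSEC 8 3 3600 20240201000000 20240101000000 12345 example.test. c2ln
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom 3600 IN NSEC3 1 0 10 AABBCCDD (
        2t7b4g4vsa5smi47k61mv5bv1a22bojr A RRSIG )
"""
```

Running `is_mixed()` over the text of a freshly signed zone file before loading it catches a leftover chain in either direction, including stale RRSIGs that cover the old record type.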