On 12/29/2010 3:37 AM, Marc Lampo wrote: > However, we now found the following case : > 1) registrar offers us DNSKEY information with algorithm 7 : > RSASHA1-NSEC3-SHA1 > 2) in the zone file, there are NSEC (and not NSEC3) records
This is not an error. The only reason for there being "different" algorithm numbers within RSASHA1 was to keep "older" systems that don't know about NSEC3 from dealing with NSEC3 responses incorrectly. All "newer" algorithms can be used for both NSEC and NSEC3. AlanC
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
