> So, I have to do this again, if the NSEC3PARAM changes (e.g. with a > different salt during ZSK rollover)? Or does auto-dnssec maintain take > care on the changed NSEC3PARAM?
I'm not sure I understand the question; there's no requirement that you change the NSEC3 parameters during a key roll. However, whenever you do wish to change them, you can do so with 'rndc signing -nsec3param', and the chain will be updated automatically. (Also, if you want to switch to NSEC instead of NSEC3, you can use 'rndc signing -nsec3param none'.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
