See part of the dicsussion Miek and I had at the golang group:
http://code.google.com/p/go/issues/detail?can=2&start=0&num=100&q=&colspec=ID%20Status%20Stars%20Priority%20Owner%20Reporter%20Summary&groupby=&sort=&id=3161 The bug seems to be that dnssec-keygen upgraded the fermat prime that is used per default from F0 to F4, but did not change that "-e" would get you the next fermat number. The result is that people who upgrade bind and don't notice this changed behaviour are not changing their scripts that explicitely use "-e". I would recommend that dnssec-keygen starts ignoring the "-e" parameter that everyone has put in their scripts to prevent exponent 3 keys, who are not getting keys with exponent 4294967296 + 1 (F5) Alternatively, if this is done on purpose, I guess we should all migrate the 64 bit machines :) You can detect these starts, as they start with BQE Paul _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
