Hi, > NSEC3PARAM records should be generated by the signing software and > not just be added to the zone. Who says that? :) I think that is a matter of implementation and preference.
> Their presence/absence changes how > the zone is served. In particular how negative and wildcard responses > are generated. And how is that different from sending them in from a trusted source (your unsigned version, hopefully using TSIG) VS sending them in via another trusted source (rndc)? Cheers, Wolfgang _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
