On 06/26/15 10:10, David Dahlberg wrote: > Am Freitag, den 26.06.2015, 09:53 +0200 schrieb Peter J. Philipp: > >> I can't find the -3 - option to generate NSEC3 RR's with >> dnssec-signzone. Am I reading the manual page wrong or is this a >> missing feature? If it is I'll probably leave NSEC3 out. > > That's because old OpenBSD used an old version of ISC Bind (and thus an > old version of dnssec-tools). > > Solution 1 (ISC): Get a newer version of bind from ports. You do not > need to use the bind itself, it's the /usr/local/bin/dnssec-signzone, > you're looking for. > > Solution 2 (NLnet Labs): Get ldns from ports. > > Cheers > > David >
Thanks David, I went with solution 1 and installed net/isc-bind, it has dnssec-signzone in /usr/local/sbin/ Cheers, -peter
