Hello,
OpenDNSSEC 2.1.13 running on FreeBSD 13.3.
Recently, dnsviz.net started reporting the lack of "Denial of existence" DNSSEC 
option error for all my domains:
ad2h.mydomain.org/A has errors; select the "Denial of existence" DNSSEC option 
to see them.mydomain.org/CDNSKEY has errors; select the "Denial of existence" 
DNSSEC option to see them.mydomain.org/CDS has errors; select the "Denial of 
existence" DNSSEC option to see them.mydomain.org/AAAA has errors; select the 
"Denial of existence" DNSSEC option to see them.mydomain.org/CNAME has errors; 
select the "Denial of existence" DNSSEC option to see them.
Is this due to TTL commented in my kasp.xml or I miss some other settings?
<Denial> <NSEC3> <!-- <TTL>PT0S</TTL> --> <!-- <OptOut/> --> 
<Resalt>P100D</Resalt>  <Hash>   <Algorithm>1</Algorithm>   
<Iterations>5</Iterations>   <Salt length="8"/>  </Hash> </NSEC3></Denial>
Thank you.
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

Reply via email to