On Wed, Jul 08, 2009 at 09:20:29PM +, Evan Hunt wrote:
> > Is there any reason these flags should not be set by default?
>
> Yes, there is: the code as written uses the NSEC3PARAM record in a
> way that, debatably, could be an RFC violation. We're planning to
> correct this, and turn the fea
> Is there any reason these flags should not be set by default?
Yes, there is: the code as written uses the NSEC3PARAM record in a
way that, debatably, could be an RFC violation. We're planning to
correct this, and turn the feature on by default in 9.7.0. (I can't
promise, but it may make it in
Upgrading from 9.6.0-P1 to 9.6.1 on my master server
unexpectedly changed DNSKEY dynamic update behavior. My
tools to secure zones rely on insertion of DNSKEY
records via dynamic update. This stopped working when
I upgraded to 9.6.1.
The culprit seems to be:
*** bind-9.6.0-P1/bin/named/update.c
3 matches
Mail list logo
