2012/11/9 Tony Finch <d...@dotat.at>: > Peter Andreev <andreev.pe...@gmail.com> wrote: >> >> We signed another zone and met the same problem again. The only >> difference is algorithm - now it is RSASHA256. >> >> > We have ~30 servers running BIND (9.8, 9.7, 9.6). A week ago we >> > signed first of our zones with RSA/SHA1 + NSEC3 + OPT-OUT. >> > Recently we realised that our servers don't generate NSEC3 for signed zone. >> > Problem has gone after we restarted BIND instances. >> >> We are using views, could it be related? > > Did you add an NSEC3PARAM record?
Yes, we did. > > The signing algorithms that support NSEC3 use NSEC by default unless the > zone has an NSEC3PARAM record. > > Tony. > -- > f.anthony.n.finch <d...@dotat.at> http://dotat.at/ > Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. > Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, > occasionally poor at first. -- AP _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users