> Nevertheless, it seems there are still two bugs: > 1. The NSEC3 chain is not properly cleared when switching from > non-opt-out to opt-out
That does seem incorrect (though under the circumstances it may be harmless). Could you please report it to bind9-b...@isc.org, including details of how you made the changes? > 2. The NSEC3PARAM record always has the opt-out flag clear, even if > opt-out is activated. Not a bug, as noted elsewhere. > Finally a question: The NSEC3 RFC allows a mixed opt-out mode within a > zone. Is this used by Bind or does Bind always either use opt-out or > non-opt-out? BIND doesn't currently provide a mechanism for that. If it's something you need, please send a feature request to bind-sugg...@isc.org. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users