[ldns-users] [validns-users] offtopic - was Re: just started with validns - few problems

Matthijs Mekking matthijs at nlnetlabs.nl
Wed Feb 26 15:40:17 UTC 2014

On 02/26/2014 04:38 PM, Paul Wouters wrote:
> On Wed, 26 Feb 2014, Jelte Jansen wrote:
>> While you could argue the rationale of the NSEC3PARAM record versus
>> other ways to signal to auths which nsec3 chain to use, calling it a
>> bind hack that got copied into an rfc is misrepresenting history, IIRC
>> this came out of a WG workshop where other implementors (hi!) were just
>> as present as those from ISC :p
> Fait enough
>> As it is right now, you certainly can't just leave it out of the zone.
> Why not? When is it served as authoritative data? When does a validator
> require that record?

It is required for the secondaries. Otherwise it would be a hell to know
which NSEC3 chain is used.

Best regards,

>> From what I understand, it's a postit note for signers, and signers that
> are also authoritative servers in the same process (like bind :) need
> it?
> Paul
> _______________________________________________
> validns-users mailing list
> validns-users at x0.dk
> http://x0.dk/mailman/listinfo/validns-users

More information about the ldns-users mailing list