Knot DNS issueshttps://gitlab.nic.cz/knot/knot-dns/-/issues2018-06-13T15:42:05+02:00https://gitlab.nic.cz/knot/knot-dns/-/issues/229Support for NSEC3 opt-out2018-06-13T15:42:05+02:00Jan VčelákSupport for NSEC3 opt-outCurrently, NSEC3 opt-out is not supported by zone signing. There is also no way to set the flag, as the flag in NSEC3PARAM has to be zero. The support can be added with the new DNSSEC library - the flag will be part of the KASP settings....Currently, NSEC3 opt-out is not supported by zone signing. There is also no way to set the flag, as the flag in NSEC3PARAM has to be zero. The support can be added with the new DNSSEC library - the flag will be part of the KASP settings.
Note: Bind allows setting of the flag via DDNS. NSEC3PARAM with opt-out enabled is written as a private RR type, which is used to control the signing. Final NSEC3PARAM in the zone has the flag cleared.
nextLibor PeltanLibor Peltan