
Since version 9.9, BIND supports inline signing, but I can't find any information on how to make it work with NSEC3. I cannot add an NSEC3PARAM RR with nsupdate: I think that's normal because of inline signing, but I cannot find how to set this parameter for inline signing.

Has anyone set this up and tested it, or does anyone have an idea?

Thanks for any answers.

snap
profy

1 Answer


Finally I found the answer on the bind-user mailing list.

Instead of using nsupdate, I should use the following command:

rndc signing -nsec3param 1 1 100 $(head -c 512 /dev/random | sha1sum | cut -b 1-16) <zonename>

Hope this question will help someone in the future.

vmeurisse
profy
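Added example (not part of the original answer): a shell wrapper that generates the salt and validates the four NSEC3PARAM fields (hash algorithm, flags, iterations, salt) before printing the `rndc signing -nsec3param` command from the answer. The function names and the zone `example.test` are assumptions made for illustration.

```shell
#!/bin/sh
# Builds, but does not run, the rndc command from the answer above.

# 8 random bytes as 16 hex characters. /dev/urandom is used here because
# /dev/random can block on an idle server.
nsec3_salt() {
    head -c 8 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# usage: nsec3param_cmd ALG FLAGS ITERATIONS SALT ZONE
# Prints the rndc command on success, returns non-zero on a bad field.
nsec3param_cmd() {
    [ "$#" -eq 5 ] || { echo "need: alg flags iterations salt zone" >&2; return 2; }
    alg=$1 flags=$2 iter=$3 salt=$4 zone=$5
    # 1 (SHA-1) is the only hash algorithm defined for NSEC3.
    [ "$alg" = 1 ] || { echo "alg must be 1" >&2; return 1; }
    # 1 sets the opt-out bit (as in the answer), 0 leaves it clear.
    case $flags in
        0|1) ;;
        *) echo "flags must be 0 or 1" >&2; return 1 ;;
    esac
    case $iter in
        ''|*[!0-9]*|??????*) echo "iterations: 0-65535" >&2; return 1 ;;
    esac
    [ "$iter" -le 65535 ] || { echo "iterations: 0-65535" >&2; return 1; }
    # Salt is "-" (no salt) or an even number of hex digits.
    case $salt in
        -) ;;
        ''|*[!0-9A-Fa-f]*) echo "salt must be hex or -" >&2; return 1 ;;
        *) [ $(( ${#salt} % 2 )) -eq 0 ] || { echo "odd-length salt" >&2; return 1; } ;;
    esac
    # Keep the zone name to hostname characters so it is safe to paste.
    case $zone in
        ''|*[!A-Za-z0-9._-]*) echo "bad zone name" >&2; return 1 ;;
    esac
    printf 'rndc signing -nsec3param %s %s %s %s %s\n' \
        "$alg" "$flags" "$iter" "$salt" "$zone"
}

# Same parameters as the answer, for a constructed zone name.
nsec3param_cmd 1 1 100 "$(nsec3_salt)" example.test
# RFC 9276 guidance (0 iterations, no salt) would be:
nsec3param_cmd 1 0 0 - example.test
```

After running the printed command, `rndc signing -list <zonename>` shows pending signing operations, and `dig +short NSEC3PARAM <zonename>` shows the record once the NSEC3 chain has been built.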