ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Update NSEC3 guidance to match draft-ietf-dnsop-nsec3-guidance-10

Browse Source 
https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-nsec3-guidance-10
is on it's way to become RFC, so let's update our recommendations in the
docs to be in line with it.
This commit is contained in:
Petr Špaček
2022-06-09 19:26:40 +02:00
parent 529a7c0c1a
commit 2ee3f4e6c8
12 changed files with 236 additions and 199 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
doc/notes/notes-current.rst
View File

@@ -35,9 +35,12 @@ Removed Features
Feature Changes
~~~~~~~~~~~~~~~
- :option:The `dnssec-signzone -H` default value has been changed to 0 additional
- The :option:`dnssec-signzone -H` default value has been changed to 0 additional
NSEC3 iterations. This change aligns the :iscman:`dnssec-signzone` default with
the default used by the :ref:`dnssec-policy <dnssec_policy_grammar>` feature.
At the same time, documentation about NSEC3 has been aligned with
`Best Current Practice
<https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-nsec3-guidance-10>`__.
:gl:`#3395`
Bug Fixes