> Is there not a way to set NSEC3 parameters (pdnssec set-nsec3) for all zones?
No, because most people chose differing NSEC3PARAMs for their zones.
pdnssec list-all-zones | grep -v '^All zonecount:' | while read z
do
pdnssec set-nsec3 ...
done
Not terribl
Is there not a way to set NSEC3 parameters (pdnssec set-nsec3) for all zones?
There's secure-all-zones and rectify-all-zones, but nothing about set-nsec3 for
all zones. That could certainly get cumbersome on very large installations. :-/
Thanks,
Nick