My last statement is incorrect: the patch to "dnssec-tools.conf" is not sufficient. Apparently the contents of that file are only read by the tools if their command-lines are empty.
That means that zonesigner needs its set of options amended as previously described: # zonesigner -szopts "-O full" -genkeys -usensec3 -zone ... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1215093 Title: "Bad NSEC data" when using zonesigner -usensec3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnssec-tools/+bug/1215093/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
