Comment 0 for bug 1842939

TJ (tj) wrote :

On 18.04 with bind9/bionic-updates,bionic-proposed,now 1:9.11.3+dfsg-1ubuntu1.9

Where a zone file has DNSSEC enabled and an NSEC3PARAM record is added to the already-signed zone file:

example.com. IN NSEC3PARAM ( 1 0 10 16 0d95646237ae38bc )

an attempt to re-sign the zone file fails with:

dnssec-signzone -o example.com example.com.hosts
dnssec-signzone: error: dns_rdata_fromtext: example.com.hosts:165: near '0d95646237ae38bc': extra input text
dnssec-signzone: fatal: failed loading zone from 'example.com.hosts': extra input text

This seems related to upstream report "Problems signing a zone that already contains an NSEC3PARAM"

https://gitlab.isc.org/isc-projects/bind9/issues/953
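
Added example, not part of the original comment and not BIND code: a pre-flight check of NSEC3PARAM RDATA against the presentation format in RFC 5155 section 4.3 (hash algorithm, flags, iterations, salt; the salt length is not written), which can be run on a zone file line before calling dnssec-signzone. The function name check_nsec3param and the second and third sample records are assumptions constructed for illustration.

```python
import re

# RFC 5155 section 4.3: NSEC3PARAM RDATA in presentation format has exactly
# four fields. The Salt Length field is not represented in text form.
FIELDS = ("hash algorithm", "flags", "iterations", "salt")
LIMITS = (255, 255, 65535)  # 8-bit, 8-bit and 16-bit unsigned fields


def check_nsec3param(rdata):
    """Return (parsed, problems) for NSEC3PARAM RDATA text (hypothetical helper)."""
    # Parentheses only group tokens in a zone file, so they are dropped here.
    tokens = rdata.replace("(", " ").replace(")", " ").split()
    if len(tokens) < 4:
        return None, ["expected 4 fields (%s), got %d"
                      % (", ".join(FIELDS), len(tokens))]
    # Anything after the fourth token is surplus to the record format.
    problems = ["extra input text near '%s'" % t for t in tokens[4:]]
    parsed = {}
    for name, tok, limit in zip(FIELDS, tokens[:3], LIMITS):
        if re.fullmatch(r"[0-9]{1,5}", tok) and int(tok) <= limit:
            parsed[name] = int(tok)
        else:
            problems.append("%s must be an integer 0..%d, got '%s'"
                            % (name, limit, tok))
    salt = tokens[3]  # this checker always reads the fourth token as the salt
    if salt == "-":   # "-" means a zero-length salt
        parsed["salt"] = b""
    elif re.fullmatch(r"(?:[0-9A-Fa-f]{2}){1,255}", salt):
        parsed["salt"] = bytes.fromhex(salt)
    else:
        problems.append("salt must be '-' or an even number of hex digits, "
                        "got '%s'" % salt)
    return parsed, problems


if __name__ == "__main__":
    samples = [
        "( 1 0 10 16 0d95646237ae38bc )",  # RDATA as quoted in the comment
        "1 0 10 0d95646237ae38bc",         # constructed: four fields
        "1 0 10 -",                        # constructed: empty salt
    ]
    for rdata in samples:
        parsed, problems = check_nsec3param(rdata)
        print(rdata, "->", parsed, problems or "ok")
```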