[dns-operations] signing a zone with NSEC3 records.
ravikondamuru at gmail.com
Wed Sep 9 18:32:29 UTC 2009
I am trying to sign a zone and use NSEC3 instead of NSEC.
I used the NSECRSASHA1 as the algorithm when generating the keys. I see that
the algorithm value is "7".
However when I sign the zone it still generates NSEC records in the file.
Is there some place I can look for the steps to generate NSEC3 signed zone?
I see there are 3 additional options in dnssign-zone: -3 salt (NSEC3 salt),
-H iterations (NSEC3 iterations) and -A (NSEC3 optout).
how do I generate the "salt" file?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations