[dns-operations] signing a zone with NSEC3 records.
Ravi Kondamuru
ravikondamuru at gmail.com
Wed Sep 9 18:32:29 UTC 2009
Hi,
I am trying to sign a zone and use NSEC3 instead of NSEC.
I used the NSECRSASHA1 as the algorithm when generating the keys. I see that
the algorithm value is "7".
However when I sign the zone it still generates NSEC records in the file.
Is there some place I can look for the steps to generate NSEC3 signed zone?
I see there are 3 additional options in dnssign-zone: -3 salt (NSEC3 salt),
-H iterations (NSEC3 iterations) and -A (NSEC3 optout).
how do I generate the "salt" file?
thanks,
Ravi.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20090909/563eec64/attachment.html>
More information about the dns-operations
mailing list