<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;
panose-1:2 11 0 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-GB" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Hi<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">></span><span style="font-size:11.0pt"> Thank you all for the help, but <Salt length="0"/> is still generating a salt value. Does OpenDNSSEC not support zero length salt values?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Have you imported the updated policies after updating the KASP file?, you will probably need to run `ods-enforcer policy import` and also update the zone’s signconf file, `ods-signer update signconf`.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Then verify the signconf config file for the zone, usually located in `/var/opendnssec/signconf/ZONE.xml`, but could be set differently in your config.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">HTH,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Kareem.</span><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">--<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Abdulkareem H. Ali<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Technical Product Owner, DNS<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">CentralNic Registry - Team Internet Group PLC<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">London Stock Exchange Symbol: LON:TIG<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><br>
+44 20 3388 0600<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><a href="https://www.centralnicregistry.com" title="https://www.centralnicregistry.com"><span style="color:#0563C1">www.centralnicregistry.com</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Centralnic Group PLC is a company registered in England and Wales with company number 8576358. Registered Offices: CentralNic, 4th Floor, Saddlers House, 44 Gutter Lane, London,
EC2V 6BR.</span><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div id="mail-editor-reference-message-container">
<div>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="color:black">From:
</span></b><span style="color:black">Opendnssec-user <opendnssec-user-bounces@lists.opendnssec.org> on behalf of Bruno Blanes via Opendnssec-user <opendnssec-user@lists.opendnssec.org><br>
<b>Date: </b>Monday, 28 October 2024 at 12:16<br>
<b>To: </b>Antonio Prado <antonio@prado.it><br>
<b>Cc: </b>opendnssec-user@lists.opendnssec.org <opendnssec-user@lists.opendnssec.org><br>
<b>Subject: </b>Re: [Opendnssec-user] Adhering to RFC 9276 Sec. 3.1<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">Thank you all for the help, but <Salt length="0"/> is still generating a salt value. Does OpenDNSSEC not support zero length salt values?<br>
<br>
> -----Original Message-----<br>
> From: Antonio Prado <antonio@prado.it><br>
> Sent: Friday, October 25, 2024 3:51 PM<br>
> To: Bruno Blanes <bruno.blanes@outlook.com><br>
> Cc: opendnssec-user@lists.opendnssec.org<br>
> Subject: Re: [Opendnssec-user] Adhering to RFC 9276 Sec. 3.1<br>
> <br>
> On 10/25/24 3:45 PM, Bruno Blanes via Opendnssec-user wrote:<br>
> <br>
> > I’ve been trying to set OpenDNSSEC to generate the NSEC3 parameter<br>
> > with an empty salt and zero iterations (as per RFC 9276 Sec. 3.1), but<br>
> > to no avail. I have tried setting <Iterations> to zero as well as<br>
> > <Salt> length parameter, but couldn’t get it working.<br>
> ><br>
> > Could some kind angel help me out here, please?<br>
> <br>
> hi,<br>
> <br>
> <NSEC3><br>
> <Hash><br>
> <Algorithm>1</Algorithm><br>
> <Iterations>0</Iterations><br>
> <Salt length="0"/><br>
> </Hash><br>
> </NSEC3><br>
> <br>
> then apply the policy and wait<br>
> --<br>
> antonio<br>
_______________________________________________<br>
Opendnssec-user mailing list<br>
Opendnssec-user@lists.opendnssec.org<br>
<a href="https://lists.opendnssec.org/mailman/listinfo/opendnssec-user">https://lists.opendnssec.org/mailman/listinfo/opendnssec-user</a><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</body>
</html>