[Opendnssec-user] Some questions from a new ods user
georg at sman.dk
Thu Jul 5 09:20:26 UTC 2012
On 2012-07-05, at 10:45, Matthijs Mekking wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 07/05/2012 10:27 AM, Sander Smeenk wrote:
>> Quoting Georg Sluyterman (georg at sman.dk):
>>> When i choose an algorithm type for NSEC3 it seems that only key
>>> type 1 is allowed and not e.g. 5 or 7, although key type 1 is
>>> deprecated according to IANA
> Is this about to change, or is there some reason why this is the case?
>> No idea. :)
> The number 1 refers to the NSEC3 hash algorithm type. Only SHA-1 is
> defined (1). I think you are confusing it with the DNSKEY algorithm
> numbers, which should be set in the <Keys> section. If you want to use
> NSEC3, you want to do 7.
Would i work with NSEC3 if i choose e.g. 8 (RSA/SHA-256) for <Key> for zsk and ksk?
More information about the Opendnssec-user