[Opendnssec-user] Some questions from a new ods user

Georg Sluyterman georg at sman.dk
Thu Jul 5 09:20:26 UTC 2012


On 2012-07-05, at 10:45, Matthijs Mekking wrote:

> Hi,
> 
> On 07/05/2012 10:27 AM, Sander Smeenk wrote:
>> Quoting Georg Sluyterman (georg at sman.dk):
>> 
<---cut--->
>>> When I choose an algorithm type for NSEC3 it seems that only key
>>> type 1 is allowed and not e.g. 5 or 7, although key type 1 is
>>> deprecated according to IANA
>>> (http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.txt).
>>> Is this about to change, or is there some reason why this is the case?
>> 
>> No idea. :)
> 
> 
> The number 1 refers to the NSEC3 hash algorithm type. Only SHA-1 is
> defined (1). I think you are confusing it with the DNSKEY algorithm
> numbers, which should be set in the <Keys> section. If you want to use
> NSEC3, you want to do 7.
> 


Okay.

Would it work with NSEC3 if I choose e.g. 8 (RSA/SHA-256) for <Key> for zsk and ksk?

-- 
Regards
Georg Sluyterman
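
The two number spaces discussed in this thread, as an added example (not part of the original messages and not OpenDNSSEC code): the NSEC3 hash algorithm, where only 1 (SHA-1) is defined, and the DNSKEY algorithm numbers 5, 7 and 8. The function names are hypothetical; the hash follows RFC 5155 and the sample zone parameters are taken from its Appendix A.

```python
import base64
import hashlib

# NSEC3 hash algorithm registry: only value 1 (SHA-1) is defined.
NSEC3_HASH_ALGS = {1: hashlib.sha1}

# DNSKEY algorithm registry (a different number space): name, usable with NSEC3.
# 5 predates NSEC3; 7 is the same RSA/SHA-1 under an NSEC3-aware number.
DNSKEY_ALGS = {
    5: ("RSASHA1", False),
    7: ("RSASHA1-NSEC3-SHA1", True),
    8: ("RSASHA256", True),  # RFC 5702
}

# Standard base32 alphabet -> base32hex alphabet used in NSEC3 owner names.
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name):
    """Canonical (lower-case) DNS wire format of an owner name."""
    out = b""
    for label in filter(None, name.lower().split(".")):
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def nsec3_hash(name, salt_hex, iterations, hash_alg=1):
    """RFC 5155: H(name || salt), then `iterations` additional rounds."""
    if hash_alg not in NSEC3_HASH_ALGS:
        raise ValueError("undefined NSEC3 hash algorithm %d" % hash_alg)
    h, salt = NSEC3_HASH_ALGS[hash_alg], bytes.fromhex(salt_hex)
    digest = h(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = h(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).decode().lower()

def check_policy(nsec3_hash_alg, dnskey_alg):
    """Return a list of problems for an NSEC3 zone using these two numbers."""
    problems = []
    if nsec3_hash_alg not in NSEC3_HASH_ALGS:
        problems.append("NSEC3 hash algorithm %d is not defined" % nsec3_hash_alg)
    name, nsec3_ok = DNSKEY_ALGS.get(dnskey_alg, ("not in this example's table", False))
    if not nsec3_ok:
        problems.append("DNSKEY algorithm %d (%s) not usable with NSEC3"
                        % (dnskey_alg, name))
    return problems
```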



