[Opendnssec-user] NSEC3 algorithm not supported in BIND 9.7.3?
Paul Wouters
paul at nohats.ca
Thu Nov 8 02:47:06 UTC 2012
On Tue, 6 Nov 2012, Antonio Marcos López Alonso wrote:
> I contacted BIND users mailing list and it seems the current, only-defined
> algorithm for NSEC3 is SHA-1 (number 1) - citation follows:
See
https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml#dns-sec-alg-numbers-1
NSEC3 was added on later, so for RSA-SHA1 there are two versions,
one without NSEC3 (5) and one with NSEC3 (7) For all newer algorithms,
you can use either NSEC or NSEC3, you do not have to pick a different
DNSKEY algorithm for that.
Paul
More information about the Opendnssec-user
mailing list