[Opendnssec-user] NSEC3 algorithm not supported in BIND 9.7.3?

Paul Wouters paul at nohats.ca
Thu Nov 8 02:47:06 UTC 2012

On Tue, 6 Nov 2012, Antonio Marcos López Alonso wrote:

> I contacted BIND users mailing list and it seems the current, only-defined
> algorithm for NSEC3 is SHA-1 (number 1) - citation follows:


NSEC3 was added on later, so for RSA-SHA1 there are two versions,
one without NSEC3 (5) and one with NSEC3 (7) For all newer algorithms,
you can use either NSEC or NSEC3, you do not have to pick a different
DNSKEY algorithm for that.


More information about the Opendnssec-user mailing list