[Opendnssec-user] NSEC3 algorithm not supported in BIND 9.7.3?

Antonio Marcos López Alonso amla at ipna.csic.es
Wed Oct 31 10:16:34 UTC 2012

Hi all,

I'm setting up a testing DNSSEC server using BIND 9.7.3 and OpenDNSSEC. I have 
succesfully signed a zone using ods and RSASHA1 (algorithm 5) for NSEC3, but 
BIND complains refusing to load the zone:

warning: zone myzone.mydomain.org/IN: unsupported nsec3 hash algorithm: 5
error: zone myzone.mydomain.org/IN: no supported nsec3 hash algorithm
error: zone myzone.mydomain.org/IN: not loaded due to errors.

Someone told me BIND 9.7.3 supports RSASHA1 for NSEC3, as he succesfully 
signed and loaded the zone after using the dnstools, so I  would like someone 
to confirm this and to cast some light on why this error is being issued.

Thanks in advance,

More information about the Opendnssec-user mailing list