[Opendnssec-user] NSEC3PARAM and OPTOUT
Emil Natan
shlyoko at gmail.com
Tue Dec 23 14:11:20 UTC 2014
Hello,
This one is easy to reproduce.
ods-ksmutil -V
opendnssec version 1.4.6
>From kasp.xml:
<Denial>
<NSEC3>
<OptOut/>
<Resalt>P100D</Resalt>
<Hash>
<Algorithm>1</Algorithm>
<Iterations>10</Iterations>
<Salt length="8"/>
</Hash>
</NSEC3>
</Denial>
When the zonefile is signed, the NSEC3PARAM flag indicates OPT-OUT disabled
(when it's enabled in the configuration).
test.org. 0 IN NSEC3PARAM 1 0 10 e5d234b3dc0e03a3
The NSEC3 records though have it right.
pufepsta7kv6r1uo2t3nchdkqpdhaqak.test.org. 86400 IN NSEC3 1 1
10 e5d234b3dc0e03a3 8a2j6ietl8fhltcfp1l25mf7qfu6dt69 A NS SOA MX RRSIG
DNSKEY NSEC3PARAM
Can someone else confirm that behavior?
Happy holidays,
Emil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20141223/3509f319/attachment.htm>
More information about the Opendnssec-user
mailing list