[Opendnssec-user] Change DS algorithm type

Dennis Baaten dennis at baaten.com
Mon Feb 1 10:21:30 UTC 2021


When performing tests using DNSViz.net, the algorithm used for creating the
DS is shown: Digest type / Digest alg. For the record: this is not the same
as the DNSSEC algorithm
(https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml).
As the DS Digest type is currently set to "1" (which is SHA-1) I would like
to change this in my ODS configuration. However, I cannot find any
documentation on how to change this and which values are supported. RFC5155
only mentions SHA-1: https://tools.ietf.org/html/rfc5155#section-11.
My guess is that it is related to this section in kasp.xml:
<NSEC3><HASH><Algorithm>1</Algorithm></HASH></NSEC3>. If so, then I'm also
guessing (based on testing other domains using DNSViz) that I can change
this to "2" being SHA-256. 
Last but not least: any thoughts on how to perform this algorithm rollover?
Using ODS 2.1.3.
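
How a DS record is derived from a DNSKEY under digest types 1 and 2 (RFC 4034 section 5.1.4, RFC 4509), with the DNSSEC algorithm and the digest type appearing as separate fields. This is an added example, not part of the original post and not OpenDNSSEC code; the key bytes and zone name are constructed and the helper names are hypothetical.

```python
import hashlib
import struct

# DS digest types from the IANA "DS RR Type Digest Algorithms" registry.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

def wire_name(name):
    """Owner name in canonical wire form: lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, then the public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata, digest_type):
    """Return (key tag, DNSSEC algorithm, digest type, hex digest)."""
    # The digest covers the owner name followed by the full DNSKEY RDATA.
    digest = DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), rdata[3], digest_type, digest

def sha1_only_key_tags(ds_rrset):
    """Key tags whose only DS record uses digest type 1 (SHA-1)."""
    strong = {tag for tag, _alg, dtype, _d in ds_rrset if dtype != 1}
    weak = {tag for tag, _alg, dtype, _d in ds_rrset if dtype == 1}
    return sorted(weak - strong)

# Constructed sample: KSK flags 257, protocol 3, algorithm 13, dummy 64-byte key.
SAMPLE_KEY = dnskey_rdata(257, 3, 13, bytes(range(64)))

if __name__ == "__main__":
    for dtype in (1, 2):
        print("example.com. IN DS %d %d %d %s"
              % make_ds("example.com.", SAMPLE_KEY, dtype))
```
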
 