[Opendnssec-user] KASP configuration questions

Nick Urbanik nicku at nicku.org
Wed Feb 22 23:00:38 UTC 2023


Dear Folks,

I want to use the slightly more modern algorithm 13 (ECDSA P256) for
key signing, and want to disable salting in NSEC3, and have one
iteration only of hashing.
                <Denial>
                         <NSEC3>
                                 <Resalt>PT0S</Resalt>
                                 <Hash>
                                         <Algorithm>1</Algorithm>
                                         <Iterations>1</Iterations>
                                         <Salt length="0"/>
                                 </Hash>
                         </NSEC3>
                 </Denial>
I added a length="256" attribute to the algorithm element, which
seemed to make the software happier.  However, it does not like the
value I gave for Resalt.  How do you express that you want no salt in
your NSEC3 records?

The documentation seems to require me to read the source code.
-- 
Nick Urbanik             http://nicku.org           nicku at nicku.org
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24


More information about the Opendnssec-user mailing list