[Opendnssec-user] KASP configuration questions
Nick Urbanik
nicku at nicku.org
Wed Feb 22 23:13:08 UTC 2023
Dear Folks,
On 23/02/23 10:00 +1100, Nick Urbanik via Opendnssec-user wrote:
>I want to
...
>disable salting in NSEC3, and have one iteration only of hashing.
> <Denial>
> <NSEC3>
> <Resalt>PT0S</Resalt>
> <Hash>
> <Algorithm>1</Algorithm>
> <Iterations>1</Iterations>
> <Salt length="0"/>
> </Hash>
> </NSEC3>
> </Denial>
>However, it does not like the value I gave for Resalt. How do you
>express that you want no salt in your NSEC3 records?
I changed Iterations to 0.
I changed Resalt to <Resalt>P2000D</Resalt>. Is that how to implement
the recommendations of RFC 9276?
--
Nick Urbanik http://nicku.org nicku at nicku.org
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24
More information about the Opendnssec-user
mailing list