[Opendnssec-user] Adhering to RFC 9276 Sec. 3.1
Havard Eidnes
he at uninett.no
Fri Oct 25 17:32:33 UTC 2024
> Hello there folks,
> I've been trying to set OpenDNSSEC to generate the NSEC3
> parameter with an empty salt and zero iterations (as per RFC
> 9276 Sec. 3.1), but to no avail. I have tried setting
> <Iterations> to zero as well as <Salt> length parameter, but
> couldn't get it working.
> Could some kind angel help me out here, please?
We're using
<Denial>
<NSEC3>
<Resalt>P100D</Resalt>
<Hash>
<Algorithm>1</Algorithm>
<Iterations>0</Iterations>
<Salt length="8"/>
</Hash>
</NSEC3>
</Denial>
in kasp.xml.
Admittedly, it doesn't have a salt-length of 0 (should it?), but
at least it uses 0 iterations.
Regards,
- Håvard
More information about the Opendnssec-user
mailing list