[Opendnssec-user] Adhering to RFC 9276 Sec. 3.1
Bruno Blanes
bruno.blanes at outlook.com
Mon Oct 28 12:16:08 UTC 2024
Thank you all for the help, but <Salt length="0"/> is still generating a salt value. Does OpenDNSSEC not support zero length salt values?
> -----Original Message-----
> From: Antonio Prado <antonio at prado.it>
> Sent: Friday, October 25, 2024 3:51 PM
> To: Bruno Blanes <bruno.blanes at outlook.com>
> Cc: opendnssec-user at lists.opendnssec.org
> Subject: Re: [Opendnssec-user] Adhering to RFC 9276 Sec. 3.1
>
> On 10/25/24 3:45 PM, Bruno Blanes via Opendnssec-user wrote:
>
> > I’ve been trying to set OpenDNSSEC to generate the NSEC3 parameter
> > with an empty salt and zero iterations (as per RFC 9276 Sec. 3.1), but
> > to no avail. I have tried setting <Iterations> to zero as well as
> > <Salt> length parameter, but couldn’t get it working.
> >
> > Could some kind angel help me out here, please?
>
> hi,
>
> <NSEC3>
> <Hash>
> <Algorithm>1</Algorithm>
> <Iterations>0</Iterations>
> <Salt length="0"/>
> </Hash>
> </NSEC3>
>
> then apply the policy and wait
> --
> antonio
More information about the Opendnssec-user
mailing list