[Opendnssec-user] Adhering to RFC 9276 Sec. 3.1
Stefan Ubbink
Stefan.Ubbink at sidn.nl
Tue Oct 29 06:59:29 UTC 2024
On Mon, 28 Oct 2024 17:44:13 +0000
Bruno Blanes via Opendnssec-user <opendnssec-user at lists.opendnssec.org>
wrote:
Hello Bruno,
> So resalt wasn't doing anything because the salt wasn't old enough,
> after purposefully changing the resalt period to make in run, it
> printed the following message on my logfile when using <Salt
> length="0"/>:
>
> [policy_resalt_task] policy default has an invalid salt length. Must
> be in range [0..255]
Which version of OpenDNSSEC are you using? Because there has been a fix
for that issue in 2.1.11 [1]. So if you are not yet using that version
or higher, please upgrade.
[cut how to configure OpenDNSSEC to adhere to RFC 9276 sec. 3.1]
[1] https://github.com/opendnssec/opendnssec/blob/2.1.14/NEWS#L29
--
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26 352 55 00
https://www.sidn.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20241029/f1d63e9e/attachment-0001.bin>
More information about the Opendnssec-user
mailing list