[Opendnssec-user] Adhering to RFC 9276 Sec. 3.1
Havard Eidnes
he at uninett.no
Wed Jan 8 14:48:31 UTC 2025
>> I've been trying to set OpenDNSSEC to generate the NSEC3 parameter
>> with an empty salt and zero iterations (as per RFC 9276 Sec. 3.1), but
>> to no avail. I have tried setting <Iterations> to zero as well as
>> <Salt> length parameter, but couldn't get it working.
>> Could some kind angel help me out here, please?
>
> hi,
>
> <NSEC3>
> <Hash>
> <Algorithm>1</Algorithm>
> <Iterations>0</Iterations>
> <Salt length="0"/>
> </Hash>
> </NSEC3>
>
> then apply the policy and wait
Hm, in my case I also needed to manually do "ods-enforcer resalt"
before the new salt would be applied, despite waiting over the
holiday period.
Luckily, the old salt value was old enough that it got replaced.
Regards,
- Håvard
More information about the Opendnssec-user
mailing list