rndc signing -nsec3param

GS Bryan chifuyu at anime.my
Sun Aug 12 03:43:47 UTC 2012


On Sun, Aug 12, 2012 at 2:15 AM, Nate Itkin <bind-users at konadogs.net> wrote:
> On Sun, Aug 12, 2012 at 01:17:11AM +0800, GS Bryan wrote:
>> How to exactly use the 'rndc signing -nsec3param' command?
>> The usage seems to be 'rndc signing -nsec3param <parameters> <zone
>> name>', but even the ARM doesn't say anything about what <parameters>
>> exactly looks like.
>> But from what I've glean from Uncle Google, an example command that
>> looks like this: 'rndc signing -nsec3param 1 0 10 FFFF example.com'
>> means:-
>> - SHA-1 is used for hashing.
>> - opt-out is turned off.
>> - iteration is done 10 times.
>> - the FFFF is the salt.
>> Am I right? So what kind of command I should enter if I were to use
>> SHA-256 for hashing, opt-out is turned on, iteration is done 15 times,
>> and salt is FFFFFF?
>> Does it looks like this: 'rndc signing -nsec3param 2 1 15 FFFFFF example.com' ?
>>
>> --
>> Bryan S.G.
>
>
> Yes. See "man nsec3hash"
>
> --
> Nate Itkin

Oh, but from the manpage, it says only SHA-1 is supported for hashing,
is that correct? No other algorithms?
--
Bryan S.G.



More information about the bind-users mailing list