rndc signing -nsec3param

Nate Itkin bind-users at konadogs.net
Sun Aug 12 04:03:53 UTC 2012


On Sun, Aug 12, 2012 at 11:43:47AM +0800, GS Bryan wrote:
> On Sun, Aug 12, 2012 at 2:15 AM, Nate Itkin <bind-users at konadogs.net> wrote:
> > On Sun, Aug 12, 2012 at 01:17:11AM +0800, GS Bryan wrote:
> >> How to exactly use the 'rndc signing -nsec3param' command?
> >> The usage seems to be 'rndc signing -nsec3param <parameters> <zone
> >> name>', but even the ARM doesn't say anything about what <parameters>
> >> exactly looks like.
> >> But from what I've gleaned from Uncle Google, an example command that
> >> looks like this: 'rndc signing -nsec3param 1 0 10 FFFF example.com'
> >> means:-
> >> - SHA-1 is used for hashing.
> >> - opt-out is turned off.
> >> - iteration is done 10 times.
> >> - the FFFF is the salt.
> >> Am I right? So what kind of command should I enter if I were to use
> >> SHA-256 for hashing, opt-out is turned on, iteration is done 15 times,
> >> and salt is FFFFFF?
> >> Does it look like this: 'rndc signing -nsec3param 2 1 15 FFFFFF example.com' ?
> >>
> >> --
> >> Bryan S.G.
> >
> >
> > Yes. See "man nsec3hash"
> >
> > --
> > Nate Itkin
> 
> Oh, but from the manpage, it says only SHA-1 is supported for hashing,
> is that correct? No other algorithms?
> --
> Bryan S.G.


AFAIK at this time. See RFC 5155 (http://tools.ietf.org/rfc/rfc5155.txt). 

-- 
Nate Itkin
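
Added example, not part of the original thread and not BIND's own code: Python that validates the four -nsec3param fields discussed above (hash algorithm, flags, iterations, salt) and computes the RFC 5155 NSEC3 hash that nsec3hash reports. The function names are assumptions made for this example, and the "auto" salt keyword of later BIND releases is not handled.

```python
import base64
import hashlib

# base32 -> base32hex alphabet (RFC 4648); NSEC3 owner labels use base32hex.
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")


def parse_nsec3param(args):
    """Validate '<hash> <flags> <iterations> <salt>' as given to rndc."""
    fields = args.split()
    if len(fields) != 4:
        raise ValueError("expected: <hash> <flags> <iterations> <salt>")
    alg, flags, iterations = (int(f) for f in fields[:3])
    if alg != 1:
        raise ValueError("only hash algorithm 1 (SHA-1) is defined")
    if flags not in (0, 1):
        raise ValueError("flags must be 0 or 1 (opt-out bit)")
    if not 0 <= iterations <= 0xFFFF:
        raise ValueError("iterations must fit in 16 bits")
    # '-' means no salt; otherwise hexadecimal, at most 255 octets.
    salt = b"" if fields[3] == "-" else bytes.fromhex(fields[3])
    if len(salt) > 255:
        raise ValueError("salt longer than 255 octets")
    return {"alg": alg, "opt_out": bool(flags),
            "iterations": iterations, "salt": salt}


def nsec3_hash(name, salt, iterations):
    """RFC 5155 section 5: SHA-1 over the lower-cased wire-format name."""
    wire = b""
    for label in name.lower().rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            wire += bytes([len(raw)]) + raw
    wire += b"\x00"  # root label
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):  # 'iterations' counts additional rounds
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).decode().lower()


if __name__ == "__main__":
    p = parse_nsec3param("1 0 10 FFFF")  # the command from the thread
    print(p, nsec3_hash("example.com", p["salt"], p["iterations"]))
    try:
        parse_nsec3param("2 1 15 FFFFFF")  # hash algorithm 2 is not defined
    except ValueError as err:
        print("rejected:", err)
```
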


