BIND 9.7.3 and NSEC3 hash algorithms 5 & 7 (RSA/SHA-1)
Antonio Marcos López Alonso
amla at ipna.csic.es
Mon Nov 5 11:52:45 UTC 2012
Hi,
I'm testing a DNSSEC server using BIND 9.7.3 and OpenDNSSEC. I have
succesfully signed my local zone with ods tools and NSEC3 RSA/SHA1 (algorithms
5 and 7, both being aliases), but BIND refuses to load the zone complaining
these algorithms are not supported:
general: warning: zone myzone.mydomain.org/IN: unsupported nsec3 hash
algorithm: 7
general: error: zone myzone.mydomain.org/IN: no supported nsec3 hash algorithm
general: error: zone myzone.mydomain.org/IN: not loaded due to errors.
(the same happens with algorithm 5).
Could this be a BIND bug? (Someone told me these algorithms are fully
supported).
Kind regards,
Antonio
More information about the bind-users
mailing list