BIND 9.7.3 and NSEC3 hash algorithms 5 & 7 (RSA/SHA-1)

Antonio Marcos López Alonso amla at
Mon Nov 5 11:52:45 UTC 2012


I'm testing a DNSSEC server using BIND 9.7.3 and OpenDNSSEC. I have 
succesfully signed my local zone with ods tools and NSEC3 RSA/SHA1 (algorithms 
5 and 7, both being aliases), but BIND refuses to load the zone complaining 
these algorithms are not supported:

general: warning: zone unsupported nsec3 hash 
algorithm: 7
general: error: zone no supported nsec3 hash algorithm
general: error: zone not loaded due to errors.

(the same happens with algorithm 5).

Could this be a BIND bug? (Someone told me these algorithms are fully 

Kind regards,

More information about the bind-users mailing list