Specifying NSEC3 salt with dnssec-policy
Klaus Darilion
klaus.darilion at nic.at
Mon Sep 30 20:38:05 UTC 2024
Hello!
With "auto-dnssec maintain;" I was used to specifying the NSEC3 salt with 'rndc signing -nsec3param'. Today I used "dnssec-policy" and I failed to specify the salt manually. Are there any tricks/workarounds to manually specify the NSEC3 salt?
I know that actually the salt should be "-", but currently I am debugging an NSEC3 issue in our system, and in such cases I always use BIND as a reference for what the proper NSEC3 should look like. Hence I needed to manually set the salt to match the production zone. Luckily I was on 9.18 and switched back to auto-dnssec.
Thanks
Klaus
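
For cross-checking NSEC3 owner names against a zone's salt and iteration count without re-signing, the RFC 5155 hash can be computed directly. This is an added example, not part of the original post and not BIND code; the function names are hypothetical, and the sample values in the comments are the RFC 5155 Appendix A test vectors (salt `aabbccdd`, 12 iterations).

```python
import base64
import hashlib

# Translate the standard base32 alphabet to base32hex (RFC 4648, section 7),
# which is the encoding NSEC3 owner labels use.
_B32_TO_B32HEX = bytes.maketrans(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
    b"0123456789ABCDEFGHIJKLMNOPQRSTUV",
)

def name_to_wire(name: str) -> bytes:
    """Canonical (lowercased) DNS wire format of an owner name."""
    wire = b""
    for label in name.rstrip(".").split("."):
        if not label:          # the root name has no labels
            continue
        raw = label.lower().encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        wire += bytes([len(raw)]) + raw
    return wire + b"\x00"

def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """RFC 5155 section 5: IH(salt, x, 0) = H(x || salt), then repeat."""
    salt = b"" if salt_hex in ("-", "") else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(name_to_wire(name) + salt).digest()
    for _ in range(iterations):            # *additional* iterations
        digest = hashlib.sha1(digest + salt).digest()
    encoded = base64.b32encode(digest).translate(_B32_TO_B32HEX)
    return encoded.decode("ascii").lower()

def parse_nsec3param(rdata: str):
    """Split NSEC3PARAM presentation format: '<alg> <flags> <iter> <salt>'."""
    alg, flags, iterations, salt = rdata.split()
    if int(alg) != 1:
        raise ValueError("only hash algorithm 1 (SHA-1) is defined")
    return int(flags), int(iterations), salt

def matches_owner(nsec3_owner: str, name: str, nsec3param: str) -> bool:
    """True if the first label of nsec3_owner is the hash of name."""
    _flags, iterations, salt = parse_nsec3param(nsec3param)
    observed = nsec3_owner.split(".", 1)[0].lower()
    return observed == nsec3_hash(name, salt, iterations)

if __name__ == "__main__":
    # RFC 5155 Appendix A vector: prints 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
    print(nsec3_hash("example", "aabbccdd", 12))
```

Feeding it the production zone's NSEC3PARAM rdata and an observed NSEC3 owner name shows whether a mismatch comes from the salt, the iteration count, or the name canonicalization.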