[dnssec-deployment] Need Explanation.
paul at xelerance.com
Wed Oct 7 23:04:52 EDT 2009
On Thu, 8 Oct 2009, Amir Haris Ahmad wrote:
> Actually I'm create the new one and using dnssec-keygen with -a NSEC3RSASHA1 generating KSK & ZSK.
> After that using dnssec-signzone. Yes it appear to use id 7 for the algorithm and NSEC appear but not
> as NSEC3.. just want to confirm is it NSEC3
Ahh. Then add "-3 ababab -H 150" to the dnssec-signzone paramters to
enable NSEC3 with salt "ababab" and 150 iterations.
(for details on those see man dnssec-signzone)
More information about the Dnssec-deployment