On Sun, Aug 12, 2012 at 11:43:47AM +0800, GS Bryan wrote: > On Sun, Aug 12, 2012 at 2:15 AM, Nate Itkin <[email protected]> wrote: > > On Sun, Aug 12, 2012 at 01:17:11AM +0800, GS Bryan wrote: > >> How to exactly use the 'rndc signing -nsec3param' command? > >> The usage seems to be 'rndc signing -nsec3param <parameters> <zone > >> name>', but even the ARM doesn't say anything about what <parameters> > >> exactly looks like. > >> But from what I've glean from Uncle Google, an example command that > >> looks like this: 'rndc signing -nsec3param 1 0 10 FFFF example.com' > >> means:- > >> - SHA-1 is used for hashing. > >> - opt-out is turned off. > >> - iteration is done 10 times. > >> - the FFFF is the salt. > >> Am I right? So what kind of command I should enter if I were to use > >> SHA-256 for hashing, opt-out is turned on, iteration is done 15 times, > >> and salt is FFFFFF? > >> Does it looks like this: 'rndc signing -nsec3param 2 1 15 FFFFFF > >> example.com' ? > >> > >> -- > >> Bryan S.G. > > > > > > Yes. See "man nsec3hash" > > > > -- > > Nate Itkin > > Oh, but from the manpage, it says only SHA-1 is supported for hashing, > is that correct? No other algorithms? > -- > Bryan S.G.
AFAIK at this time. See RFC 5155 (http://tools.ietf.org/rfc/rfc5155.txt). -- Nate Itkin _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
