On Tue, 6 Nov 2012, Antonio Marcos López Alonso wrote:
I contacted BIND users mailing list and it seems the current, only-defined algorithm for NSEC3 is SHA-1 (number 1) - citation follows:
See https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml#dns-sec-alg-numbers-1 NSEC3 was added on later, so for RSA-SHA1 there are two versions, one without NSEC3 (5) and one with NSEC3 (7) For all newer algorithms, you can use either NSEC or NSEC3, you do not have to pick a different DNSKEY algorithm for that. Paul _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
