Hi > Thank you all for the help, but <Salt length="0"/> is still generating a salt > value. Does OpenDNSSEC not support zero length salt values?
Have you imported the updated policies after updating the KASP file?, you will probably need to run `ods-enforcer policy import` and also update the zone’s signconf file, `ods-signer update signconf`. Then verify the signconf config file for the zone, usually located in `/var/opendnssec/signconf/ZONE.xml`, but could be set differently in your config. HTH, Kareem. -- Abdulkareem H. Ali Technical Product Owner, DNS CentralNic Registry - Team Internet Group PLC London Stock Exchange Symbol: LON:TIG +44 20 3388 0600 www.centralnicregistry.com<https://www.centralnicregistry.com> Centralnic Group PLC is a company registered in England and Wales with company number 8576358. Registered Offices: CentralNic, 4th Floor, Saddlers House, 44 Gutter Lane, London, EC2V 6BR. From: Opendnssec-user <opendnssec-user-boun...@lists.opendnssec.org> on behalf of Bruno Blanes via Opendnssec-user <opendnssec-user@lists.opendnssec.org> Date: Monday, 28 October 2024 at 12:16 To: Antonio Prado <anto...@prado.it> Cc: opendnssec-user@lists.opendnssec.org <opendnssec-user@lists.opendnssec.org> Subject: Re: [Opendnssec-user] Adhering to RFC 9276 Sec. 3.1 Thank you all for the help, but <Salt length="0"/> is still generating a salt value. Does OpenDNSSEC not support zero length salt values? > -----Original Message----- > From: Antonio Prado <anto...@prado.it> > Sent: Friday, October 25, 2024 3:51 PM > To: Bruno Blanes <bruno.bla...@outlook.com> > Cc: opendnssec-user@lists.opendnssec.org > Subject: Re: [Opendnssec-user] Adhering to RFC 9276 Sec. 3.1 > > On 10/25/24 3:45 PM, Bruno Blanes via Opendnssec-user wrote: > > > I’ve been trying to set OpenDNSSEC to generate the NSEC3 parameter > > with an empty salt and zero iterations (as per RFC 9276 Sec. 3.1), but > > to no avail. I have tried setting <Iterations> to zero as well as > > <Salt> length parameter, but couldn’t get it working. > > > > Could some kind angel help me out here, please? > > hi, > > <NSEC3> > <Hash> > <Algorithm>1</Algorithm> > <Iterations>0</Iterations> > <Salt length="0"/> > </Hash> > </NSEC3> > > then apply the policy and wait > -- > antonio _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
_______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
