In message <201211051152.45367.a...@ipna.csic.es>, Antonio Marcos =?iso-8859-1? q?L=F3pez_Alonso?= writes: > Hi, > > I'm testing a DNSSEC server using BIND 9.7.3 and OpenDNSSEC. I have > succesfully signed my local zone with ods tools and NSEC3 RSA/SHA1 (algorithm > s > 5 and 7, both being aliases), but BIND refuses to load the zone complaining > these algorithms are not supported: > > general: warning: zone myzone.mydomain.org/IN: unsupported nsec3 hash > algorithm: 7
The *only* defined hash algorithm for NSEC3 records is 1 (SHA-1). http://www.iana.org/assignments/dnssec-nsec3-parameters 5 and 7 refer to DNSKEY algorithms. http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml > general: error: zone myzone.mydomain.org/IN: no supported nsec3 hash algorith > m > general: error: zone myzone.mydomain.org/IN: not loaded due to errors. > > (the same happens with algorithm 5). > > Could this be a BIND bug? (Someone told me these algorithms are fully > supported). > > Kind regards, > Antonio > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
