On 05/12/2016 04:41 PM, Günther J. Niederwimmer wrote: > Hello, > I have the Problem to find the correct way for NSEC3PARAM ? > > With your Help I have this found > > ipa dnszone-mod example.com. --nsec3param-rec "<hash_algorithm> <flags> > <iterations> <salt>" > > But it dos not work correct ? > > Now the question, is this the correct way > > ipa dnszone-mod example.com. --nsec3param-rec "1 7 100 f9ba6264232b7283" > > to insert the NSEC3PARAMETER ??
This should be right, there were related fixes by https://fedorahosted.org/freeipa/ticket/4413 Your second command works in my test environment: # ipa dnszone-mod example.com. --nsec3param-rec "1 7 100 f9ba6264232b7283" # dig -t nsec3param example.com. +short 1 7 100 F9BA6264232B7283 Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
