When performing tests using DNSViz.net, the algorithm used for creating the DS is shown: Digest type / Digest alg. For the record: this is not the same as the DNSSEC algorithm (https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml).

As the DS Digest type is currently set to "1" (which is SHA-1) I would like to change this in my ODS configuration. However, I cannot find any documentation on how to change this and which values are supported. RFC5155 only mentions SHA-1: https://tools.ietf.org/html/rfc5155#section-11.

My guess is that it is related to this section in kasp.xml: <NSEC3><HASH><Algorithm>1</Algorithm></HASH></NSEC3>. If so, then I'm also guessing (based on testing other domains using DNSViz) that I can change this to "2" being SHA-256.

Last but not least: any thoughts on how to perform this algorithm rollover?

Using ODS 2.1.3.
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
