Thank you all for the help, but <Salt length="0"/> is still generating a salt value. Does OpenDNSSEC not support zero length salt values?
> -----Original Message----- > From: Antonio Prado <anto...@prado.it> > Sent: Friday, October 25, 2024 3:51 PM > To: Bruno Blanes <bruno.bla...@outlook.com> > Cc: opendnssec-user@lists.opendnssec.org > Subject: Re: [Opendnssec-user] Adhering to RFC 9276 Sec. 3.1 > > On 10/25/24 3:45 PM, Bruno Blanes via Opendnssec-user wrote: > > > I’ve been trying to set OpenDNSSEC to generate the NSEC3 parameter > > with an empty salt and zero iterations (as per RFC 9276 Sec. 3.1), but > > to no avail. I have tried setting <Iterations> to zero as well as > > <Salt> length parameter, but couldn’t get it working. > > > > Could some kind angel help me out here, please? > > hi, > > <NSEC3> > <Hash> > <Algorithm>1</Algorithm> > <Iterations>0</Iterations> > <Salt length="0"/> > </Hash> > </NSEC3> > > then apply the policy and wait > -- > antonio _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
