>> I've been trying to set OpenDNSSEC to generate the NSEC3 parameter >> with an empty salt and zero iterations (as per RFC 9276 Sec. 3.1), but >> to no avail. I have tried setting <Iterations> to zero as well as >> <Salt> length parameter, but couldn't get it working. >> Could some kind angel help me out here, please? > > hi, > > <NSEC3> > <Hash> > <Algorithm>1</Algorithm> > <Iterations>0</Iterations> > <Salt length="0"/> > </Hash> > </NSEC3> > > then apply the policy and wait
Hm, in my case I also needed to manually do "ods-enforcer resalt" before the new salt would be applied, despite waiting over the holiday period. Luckily, the old salt value was old enough that it got replaced. Regards, - HÃ¥vard _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
