Have a look in the BIND log files when you are doing this
Look for lines containing: zone_addnsec3chain
for example, try changing just the salt...
(which is something one might do periodically...)
It all starts to make more sense.
I agree with the original posting thought - some more example
On Sun, Aug 12, 2012 at 01:17:11AM +0800, GS Bryan wrote:
> looks like this: 'rndc signing -nsec3param 1 0 10 example.com'
> means:-
> - SHA-1 is used for hashing.
> - opt-out is turned off.
> - iteration is done 10 times.
> - the is the salt.
> Am I right? So what kind of command I shoul
2 matches
Mail list logo
