other versions
- buster 1:9.11.5.P4+dfsg-5.1+deb10u3
- buster-backports 1:9.16.15-1~bpo10+1
- testing 1:9.16.15-1
- unstable 1:9.16.15-1
- experimental 1:9.13.3-1+b1
NSEC3HASH(8) | BIND 9 | NSEC3HASH(8) |
NAME¶
nsec3hash - generate NSEC3 hashSYNOPSIS¶
nsec3hash {salt} {algorithm} {iterations} {domain}nsec3hash -r {algorithm} {flags} {iterations} {salt} {domain}
DESCRIPTION¶
nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity of NSEC3 records in a signed zone.If this command is invoked as nsec3hash -r, it takes arguments in order, matching the first four fields of an NSEC3 record followed by the domain name: algorithm, flags, iterations, salt, domain. This makes it convenient to copy and paste a portion of an NSEC3 or NSEC3PARAM record into a command line to confirm the correctness of an NSEC3 hash.
ARGUMENTS¶
- salt
- This is the salt provided to the hash algorithm.
- algorithm
- This is a number indicating the hash algorithm. Currently the only supported hash algorithm for NSEC3 is SHA-1, which is indicated by the number 1; consequently "1" is the only useful value for this argument.
- flags
- This is provided for compatibility with NSEC3 record presentation format, but is ignored since the flags do not affect the hash.
- iterations
- This is the number of additional times the hash should be performed.
- domain
- This is the domain name to be hashed.
SEE ALSO¶
BIND 9 Administrator Reference Manual, RFC 5155.AUTHOR¶
Internet Systems ConsortiumCOPYRIGHT¶
2021, Internet Systems Consortium2021-04-19 | 9.16.15-Debian |