[ldns-users] ldns-key2ds output uses wrong value for alg, and gets sha256 wrong

Paul Wouters paul at xelerance.com
Tue Aug 7 05:08:11 UTC 2007

On Tue, 7 Aug 2007, Paul Wouters wrote:

ldns-key2ds outputs:

dnsx.xelerance.com 3600    IN      DS      10732 RSASHA1 1 dabf2dacf174d2f89b9c3d64e036a7c97b880c13

While this should be, according to RFC3658 section 2.4 and 2.5 I believe this should be (though
that could have been written down a lot better):

dnsx.xelerance.com 3600    IN      DS      10732 5 1 dabf2dacf174d2f89b9c3d64e036a7c97b880c13

Also, the output of ldns-key2ds -1 and ldns-key2ds -2 is identical, so it looks like the -2
option actually doesn't create a sha256 hash, but a sha1 hash.


More information about the ldns-users mailing list