[nsd-users] DS algorithm as mnemonic
Peter van Dijk
peter.van.dijk at netherlabs.nl
Mon Feb 27 20:42:31 UTC 2012
Hello Miek,
On Feb 27, 2012, at 19:10 , Miek Gieben wrote:
> I'm playing a little with NSD. The setup I have is that NSD
> is configured as a slave. I've used 'nsdc patch' to write a
> zone file.
>
> I'm looking at this file right now and DS records with algorithm
> 5 are written like:
>
> IN DS 10240 RSASHA1 2 <hash>
>
> Instead of:
>
> IN DS 10240 5 2 <hash>
>
> Other DS records with algorithms 7 and 8 are correct.
>
> A little test shows that BIND9 can at least read such a zone, but it
> seems a little inconsistent.
>
> Can someone verify this?

RFC4034 5.3 (http://tools.ietf.org/html/rfc4034#section-5.3) says this is allowed, pointing to a list in appendix A.1 (http://tools.ietf.org/html/rfc4034#appendix-A.1).

The appendix lists RSASHA1 but not 7 and 8 - so it looks like NSD uses the mnemonic when 4034 allows it, and uses the number otherwise.

Kind regards,
Peter van Dijk
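
Added example, not part of the original message and not NSD or BIND code: a small Python normalizer that reads DS RDATA with the algorithm written either as a number or as an RFC 4034 appendix A.1 mnemonic, so that zone files written by different servers can be compared without false differences. The function names are hypothetical, the digest is a constructed sample value, and case-insensitive mnemonic matching is an assumption.

```python
import re

# Mnemonics from the RFC 4034 appendix A.1 table. Algorithms 7 and 8 are not
# in that table, so they are accepted only in numeric form here.
RFC4034_A1 = {
    "RSAMD5": 1, "DH": 2, "DSA": 3, "ECC": 4, "RSASHA1": 5,
    "INDIRECT": 252, "PRIVATEDNS": 253, "PRIVATEOID": 254,
}
# Digest lengths in bytes: type 1 is SHA-1 (RFC 4034), type 2 is SHA-256 (RFC 4509).
DIGEST_LEN = {1: 20, 2: 32}


def parse_ds_rdata(rdata):
    """Parse 'keytag algorithm digesttype digest' and return the tuple
    (key_tag, algorithm_number, digest_type, lowercase_hex_digest)."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("DS RDATA needs key tag, algorithm, digest type, digest")
    key_tag = int(fields[0])
    if not 0 <= key_tag <= 0xFFFF:
        raise ValueError("key tag out of range")
    if fields[1].isdigit():
        alg = int(fields[1])
        if alg > 255:
            raise ValueError("algorithm number out of range")
    else:
        # Assumption: mnemonics are matched case-insensitively.
        alg = RFC4034_A1.get(fields[1].upper())
        if alg is None:
            raise ValueError("mnemonic not in RFC 4034 A.1: " + fields[1])
    digest_type = int(fields[2])
    # The hex digest may be split by whitespace in presentation format.
    digest = "".join(fields[3:]).lower()
    if not re.fullmatch(r"(?:[0-9a-f]{2})+", digest):
        raise ValueError("digest is not an even-length hex string")
    expected = DIGEST_LEN.get(digest_type)
    if expected is not None and len(digest) != 2 * expected:
        raise ValueError("digest length does not match digest type")
    return key_tag, alg, digest_type, digest


def same_ds(a, b):
    """True when two DS RDATA strings describe the same record."""
    return parse_ds_rdata(a) == parse_ds_rdata(b)


SAMPLE_DIGEST = "ab" * 32                      # constructed SHA-256-sized value
NSD_STYLE = "10240 RSASHA1 2 " + SAMPLE_DIGEST  # form quoted in the question
NUMERIC_STYLE = "10240 5 2 " + SAMPLE_DIGEST.upper()
```
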