[nsd-users] DS algorithm as mnemonic

Matthijs Mekking matthijs at nlnetlabs.nl
Tue Feb 28 10:00:23 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Miek,

This is correct. NSD only had up to RSASHA1 in its dns algorithm
table. Newer algorithms were never added due to backwards
incompatibility concerns.

However, we could allow newer mnemonics when reading in a zone (more
user friendly), and when writing always print the unsigned integer
value (more consistent, backwards compatible).

Best regards,
  Matthijs

On 02/27/2012 07:10 PM, Miek Gieben wrote:
> Hello,
> 
> I'm playing a little with NSD. The setup I have is that NSD is
> configured as a slave. I've used 'nsdc patch' to write a zone
> file.
> 
> I'm looking at this file right now and DS records with algorithm 5
> are written like:
> 
> IN DS 10240 RSASHA1 2 <hash>
> 
> In stead of:
> 
> IN DS 10240 5 2 <hash>
> 
> Other DS records with algorithms 7 and 8 are correct.
> 
> A little test show that BIND9 can at least read such a zone, but
> it seems a little inconsistent.
> 
> Can someone verify this?
> 
> grtz,
> 
> 
> 
> 
> _______________________________________________ nsd-users mailing
> list nsd-users at NLnetLabs.nl 
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPTKW2AAoJEA8yVCPsQCW5oosH/REol76AL09HCKT9GBz+qPID
gC+acH5NtaeLVABeEm2qP3wdefmCSTytznqx+6uyhKsvIaqPvJYnYHsCZvmZh+4Q
UUUcDEr/MyppsexaofpP0e6WqYQYxorItahGOuFYNFJE0naR3lZcwJUwXZkB2kDS
ccONPIAVYkQDg5wo6uNjZZnPszgSsarKeRXfSmXwlhOx652hIh3orsdSZceoZzQx
xBGPLBOPob1tsKU5YxOWNqXyj98cDCMI0Z7CIG1ilJN4pz3DMBUGXfdZNvPlr5xH
teq1cNeNSriNSYkJmNO0WzjabiY7tvC5eJYfw86+G36WRZy6ZhyhaDo8Mu29ig8=
=BfjD
-----END PGP SIGNATURE-----



More information about the nsd-users mailing list