mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00
Code Issues Releases Wiki Activity

Change nsec3param default to iter 0 salt-length 0

Browse Source 
When using 'nsec3param' in 'dnssec-policy' and no specific parameters
are provided, default to zero additional iterations and no salt, as
recommended by draft-ietf-dnsop-nsec3-guidance.
This commit is contained in:
Matthijs Mekking
2021-10-20 16:36:11 +02:00
parent 8c1fc49974
commit 8f324b4717
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
doc/arm/reference.rst
View File

@@ -5209,7 +5209,7 @@ The following options can be specified in a ``dnssec-policy`` statement:
:: ::
nsec3param iterations 5 optout no salt-length 8; nsec3param iterations 0 optout no salt-length 0;
The default is to use NSEC. The ``iterations``, ``optout`` and The default is to use NSEC. The ``iterations``, ``optout`` and
``salt-length`` parts are optional, but if not set, the values in ``salt-length`` parts are optional, but if not set, the values in

4
lib/isccfg/kaspconf.c
View File

@@ -30,8 +30,8 @@
#include <isccfg/kaspconf.h> #include <isccfg/kaspconf.h>
#include <isccfg/namedconf.h> #include <isccfg/namedconf.h>
#define DEFAULT_NSEC3PARAM_ITER 5 #define DEFAULT_NSEC3PARAM_ITER 0
#define DEFAULT_NSEC3PARAM_SALTLEN 8 #define DEFAULT_NSEC3PARAM_SALTLEN 0
/* /*
* Utility function for getting a configuration option. * Utility function for getting a configuration option.