Hi Petr, the reason was or is, that we never changed salt before since we started with DNSSEC. So, we have not really experience about change the salt And because we are developing a new system to change our whole DNSSEC system it would be nice to have one factor less to take care about..
But it is not a showstopper for KNOT ;) best regards Christian -- Christian Petrasch Product Owner Zone Creation & Signing IT-Services DENIC eG Kaiserstraße 75-77 60329 Frankfurt am Main GERMANY E-Mail: [email protected] http://www.denic.de PGP-KeyID: 549BE0AE, Fingerprint: 0E0B 6CBE 5D8C B82B 0B49 DE61 870E 8841 549B E0AE Angaben nach § 25a Absatz 1 GenG: DENIC eG (Sitz: Frankfurt am Main) Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg Schweiger Vorsitzender des Aufsichtsrats: Thomas Keller Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht Frankfurt am Main Von: "Petr Špaček" <[email protected]> An: [email protected] Datum: 26.11.2018 13:30 Betreff: Re: [knot-dns-users] Define SALT String for NSEC3 Gesendet von: "knot-dns-users" <[email protected]> Hi Christian, what are you trying to achieve? Why would you need to configure salt value at all? I'm curious! :-) Petr Špaček @ CZ.NIC On 12. 11. 18 15:56, Christian Petrasch wrote: > Hi Daniel, > > thanks a lot for the fast answer.. > I have to discuss it with my stakeholders. > From my current situation I would appreciate it. > Because or current solution support this and we are testing to switch > the solution. At the moment I would prefer KNOTdns > It would be nice to configure our old salt to have one possibilty of > error less.. > This shouldn't mean that I'm afraid that it is not implemented well .. ;) > > best regards > > Christian > > > -- > Christian Petrasch > Product Owner > Zone Creation & Signing > IT-Services > > DENIC eG > Kaiserstraße 75-77 > 60329 Frankfurt am Main > GERMANY > > E-Mail: [email protected] > http://www.denic.de <http://www.denic.de/> > > PGP-KeyID: 549BE0AE, Fingerprint: 0E0B 6CBE 5D8C B82B 0B49 DE61 870E > 8841 549B E0AE > > Angaben nach § 25a Absatz 1 GenG: DENIC eG (Sitz: Frankfurt am Main) > Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg > Schweiger > Vorsitzender des Aufsichtsrats: Thomas Keller > Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht > Frankfurt am Main > > > > Von: "Daniel Salzman" <[email protected]> > An: "Christian Petrasch" <[email protected]>, > [email protected] > Datum: 12.11.2018 15:47 > Betreff: Re: [knot-dns-users] Define SALT String for NSEC3 > ------------------------------------------------------------------------ > > > > Hi Christian, > > There is no configuration for a custom NSEC3 salt value in Knot DNS. > So far there was no need for that. Is it important for you? > > Best, > Daniel > > On 11/12/18 3:33 PM, Christian Petrasch wrote: >> Hi, >> >> is there any knot-dns configuration parameter to define the SALT > string for NSEC3 ? >> I have : >> >> nsec3: BOOL >> nsec3-iterations: INT >> nsec3-opt-out: BOOL >> nsec3-salt-length: INT >> >> but nothing to configure the string.. >> >> Does anybody has an idea ? >> >> Any help would be really appreciated.. >> >> thanks a lot >> >> best regards >> -- >> Christian Petrasch >> Product Owner >> Zone Creation & Signing >> IT-Services >> >> DENIC eG >> Kaiserstraße 75-77 >> 60329 Frankfurt am Main >> GERMANY >> >> E-Mail: [email protected] >> http://www.denic.de <http://www.denic.de/><http://www.denic.de/> >> >> PGP-KeyID: 549BE0AE, Fingerprint: 0E0B 6CBE 5D8C B82B 0B49 DE61 870E > 8841 549B E0AE >> >> Angaben nach § 25a Absatz 1 GenG: DENIC eG (Sitz: Frankfurt am Main) >> Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg > Schweiger >> Vorsitzender des Aufsichtsrats: Thomas Keller >> Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht > Frankfurt am Main -- https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
-- https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
