On 2012-07-05, at 10:45, Matthijs Mekking wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > On 07/05/2012 10:27 AM, Sander Smeenk wrote: >> Quoting Georg Sluyterman ([email protected]): >> <---cut---> >>> When i choose an algorithm type for NSEC3 it seems that only key >>> type 1 is allowed and not e.g. 5 or 7, although key type 1 is >>> deprecated according to IANA >>> (http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.txt). >>> >>> > Is this about to change, or is there some reason why this is the case? >> >> No idea. :) > > > The number 1 refers to the NSEC3 hash algorithm type. Only SHA-1 is > defined (1). I think you are confusing it with the DNSKEY algorithm > numbers, which should be set in the <Keys> section. If you want to use > NSEC3, you want to do 7. >
Okay. Would i work with NSEC3 if i choose e.g. 8 (RSA/SHA-256) for <Key> for zsk and ksk? -- Regards Georg Sluyterman _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
