Hi,
Am I right that https://wiki.opendnssec.org/display/DOCS/kasp.xml lists all the Salt options for NSEC3? That is, only salt length can be specified, but not an actual salt value or list of salts? When using multiple signers, it would be preferred to be able to predict the new salts used. So it would be nice if this can live in kasp.xml, instead of in /var/opendnssec/signconf/domain.xml, which is generated only after the signer has been put to work. Consider this a feature request. As a work around for this issue, we decided to start using no salt. I noticed <Salt length="0"/> did not work as expected, and it still generated an 8 byte salt. I had to remove the entire Salt tag to get no salt. Consider this a bug report :) Furthermore, the default values for iteration count between bind (10) and opendnssec (5) is different. It would probably be a good idea if both parties could look at using the same default value. Paul _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
