Hi Antonio, you need to use algorightm number 7 (e.g. RSASHA1-NSEC3-SHA1). RSASHA1 is pre-NSEC3 number.
O. On Wed, Oct 31, 2012 at 11:16 AM, Antonio Marcos López Alonso <[email protected]> wrote: > Hi all, > > I'm setting up a testing DNSSEC server using BIND 9.7.3 and OpenDNSSEC. I have > succesfully signed a zone using ods and RSASHA1 (algorithm 5) for NSEC3, but > BIND complains refusing to load the zone: > > warning: zone myzone.mydomain.org/IN: unsupported nsec3 hash algorithm: 5 > error: zone myzone.mydomain.org/IN: no supported nsec3 hash algorithm > error: zone myzone.mydomain.org/IN: not loaded due to errors. > > Someone told me BIND 9.7.3 supports RSASHA1 for NSEC3, as he succesfully > signed and loaded the zone after using the dnstools, so I would like someone > to confirm this and to cast some light on why this error is being issued. > > Thanks in advance, > Antonio > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user -- Ondřej Surý <[email protected]> _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
