[Freeipa-users] DNSSEC NSEC3 Parameter
Martin Kosek
mkosek at redhat.com
Fri May 13 07:40:05 UTC 2016
On 05/12/2016 04:41 PM, Günther J. Niederwimmer wrote:
> Hello,
> I have the Problem to find the correct way for NSEC3PARAM ?
>
> With your Help I have this found
>
> ipa dnszone-mod example.com. --nsec3param-rec "<hash_algorithm> <flags>
> <iterations> <salt>"
>
> But it dos not work correct ?
>
> Now the question, is this the correct way
>
> ipa dnszone-mod example.com. --nsec3param-rec "1 7 100 f9ba6264232b7283"
>
> to insert the NSEC3PARAMETER ??
This should be right, there were related fixes by
https://fedorahosted.org/freeipa/ticket/4413
Your second command works in my test environment:
# ipa dnszone-mod example.com. --nsec3param-rec "1 7 100 f9ba6264232b7283"
# dig -t nsec3param example.com. +short
1 7 100 F9BA6264232B7283
Martin
More information about the Freeipa-users
mailing list