diff options
Diffstat (limited to '')
-rw-r--r-- | bin/tools/nsec3hash.rst | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/bin/tools/nsec3hash.rst b/bin/tools/nsec3hash.rst new file mode 100644 index 0000000..9b174ce --- /dev/null +++ b/bin/tools/nsec3hash.rst @@ -0,0 +1,63 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +.. highlight: console + +.. _man_nsec3hash: + +nsec3hash - generate NSEC3 hash +------------------------------- + +Synopsis +~~~~~~~~ + +:program:`nsec3hash` {salt} {algorithm} {iterations} {domain} + +:program:`nsec3hash` **-r** {algorithm} {flags} {iterations} {salt} {domain} + +Description +~~~~~~~~~~~ + +``nsec3hash`` generates an NSEC3 hash based on a set of NSEC3 +parameters. This can be used to check the validity of NSEC3 records in a +signed zone. + +If this command is invoked as ``nsec3hash -r``, it takes arguments in +order, matching the first four fields of an NSEC3 record followed by the +domain name: ``algorithm``, ``flags``, ``iterations``, ``salt``, ``domain``. This makes it +convenient to copy and paste a portion of an NSEC3 or NSEC3PARAM record +into a command line to confirm the correctness of an NSEC3 hash. + +Arguments +~~~~~~~~~ + +``salt`` + This is the salt provided to the hash algorithm. + +``algorithm`` + This is a number indicating the hash algorithm. Currently the only supported + hash algorithm for NSEC3 is SHA-1, which is indicated by the number + 1; consequently "1" is the only useful value for this argument. + +``flags`` + This is provided for compatibility with NSEC3 record presentation format, but + is ignored since the flags do not affect the hash. + +``iterations`` + This is the number of additional times the hash should be performed. + +``domain`` + This is the domain name to be hashed. + +See Also +~~~~~~~~ + +BIND 9 Administrator Reference Manual, :rfc:`5155`. |