blob: 4d1bc426769224f847144a98fef503ed9fda539c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
.\" Man page generated from reStructuredText.
.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "NSEC3HASH" "1" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
.SH NAME
nsec3hash \- generate NSEC3 hash
.SH SYNOPSIS
.sp
\fBnsec3hash\fP {salt} {algorithm} {iterations} {domain}
.sp
\fBnsec3hash\fP \fB\-r\fP {algorithm} {flags} {iterations} {salt} {domain}
.SH DESCRIPTION
.sp
\fBnsec3hash\fP generates an NSEC3 hash based on a set of NSEC3
parameters. This can be used to check the validity of NSEC3 records in a
signed zone.
.sp
If this command is invoked as \fBnsec3hash \-r\fP, it takes arguments in
order, matching the first four fields of an NSEC3 record followed by the
domain name: \fBalgorithm\fP, \fBflags\fP, \fBiterations\fP, \fBsalt\fP, \fBdomain\fP\&. This makes it
convenient to copy and paste a portion of an NSEC3 or NSEC3PARAM record
into a command line to confirm the correctness of an NSEC3 hash.
.SH ARGUMENTS
.INDENT 0.0
.TP
.B salt
This is the salt provided to the hash algorithm.
.UNINDENT
.INDENT 0.0
.TP
.B algorithm
This is a number indicating the hash algorithm. Currently the only supported
hash algorithm for NSEC3 is SHA\-1, which is indicated by the number
1; consequently \(dq1\(dq is the only useful value for this argument.
.UNINDENT
.INDENT 0.0
.TP
.B flags
This is provided for compatibility with NSEC3 record presentation format, but
is ignored since the flags do not affect the hash.
.UNINDENT
.INDENT 0.0
.TP
.B iterations
This is the number of additional times the hash should be performed.
.UNINDENT
.INDENT 0.0
.TP
.B domain
This is the domain name to be hashed.
.UNINDENT
.SH SEE ALSO
.sp
BIND 9 Administrator Reference Manual, \fI\%RFC 5155\fP\&.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
2023, Internet Systems Consortium
.\" Generated by docutils manpage writer.
.
|