Update NSEC3 guidance to match draft-ietf-dnsop-nsec3-guidance-10

https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-nsec3-guidance-10
is on its way to becoming an RFC, so let's update our recommendations in the
docs to be in line with it.
This commit is contained in:
Petr Špaček
2022-06-09 19:26:40 +02:00
parent 529a7c0c1a
commit 2ee3f4e6c8
12 changed files with 236 additions and 199 deletions


@@ -50,7 +50,7 @@ generated.
This option uses an NSEC3\-capable algorithm to generate a DNSSEC key. If this
option is used with an algorithm that has both NSEC and NSEC3
versions, then the NSEC3 version is selected; for example,
\fBdnssec\-keygen \-3a RSASHA1\fP specifies the NSEC3RSASHA1 algorithm.
\fBdnssec\-keygen \-3 \-a RSASHA1\fP specifies the NSEC3RSASHA1 algorithm.
.UNINDENT
.INDENT 0.0
.TP
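Review bot: the corrected example `\fBdnssec\-keygen \-3 \-a RSASHA1\fP` is a readability fix rather than a behaviour fix: the old fused `\-3a` spelling parsed as `-3` followed by `-a RSASHA1` because `-3` takes no argument, so the old text was confusing but not wrong. Because this is a Sphinx-generated man page (the `.INDENT`/`.UNINDENT` blocks and `\fI\%named\fP` escapes come from the RST build), make sure the same change is in the reStructuredText source the page is built from, otherwise the next documentation regeneration brings the fused form back.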


@@ -408,18 +408,39 @@ KSK\-flagged keys to sign all records, not just the DNSKEY RRset.
This option generates an NSEC3 chain with the given hex\-encoded salt. A dash
(\-) can be used to indicate that no salt is to be used when
generating the NSEC3 chain.
.sp
\fBNOTE:\fP
.INDENT 7.0
.INDENT 3.5
\fB\-3 \-\fP is the recommended configuration. Adding salt provides no practical benefits.
.UNINDENT
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-H iterations
This option indicates that, when generating an NSEC3 chain, BIND 9 should use this many iterations. The default
is 0.
.sp
\fBWARNING:\fP
.INDENT 7.0
.INDENT 3.5
Values greater than 0 cause interoperability issues and also increase the risk of CPU\-exhausting DoS attacks.
.UNINDENT
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-A
This option indicates that, when generating an NSEC3 chain, BIND 9 should set the OPTOUT flag on all NSEC3
records and should not generate NSEC3 records for insecure delegations.
.sp
\fBWARNING:\fP
.INDENT 7.0
.INDENT 3.5
Do not use this option unless all its implications are fully understood. This option is intended only for extremely large zones (comparable to \fBcom.\fP) with sparse secure delegations.
.UNINDENT
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
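Review bot: the `\-A` warning (`Do not use this option unless all its implications are fully understood.`) tells the reader to understand the implications without naming them; state the concrete one: with OPTOUT set, insecure delegations are not covered by the NSEC3 chain, so a validator cannot tell a legitimately unsigned delegation from one an attacker inserted into a response, which is why the option is only justified where covering every insecure delegation would be prohibitively expensive (the `com.`-sized case the text already mentions). Separately, the `\-H` text now says `The default is 0.`; confirm that the dnssec-signzone default in the code on this branch is actually 0, not just the documented value, since the two must agree.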


@@ -567,15 +567,21 @@ representing SHA\-1. The \fBflags\fP may be set to \fB0\fP or \fB1\fP,
depending on whether the opt\-out bit in the NSEC3
chain should be set. \fBiterations\fP defines the number of additional times to apply
the algorithm when generating an NSEC3 hash. The \fBsalt\fP is a string
of data expressed in hexadecimal, a hyphen (\fI\-\(aq) if no salt is to be
used, or the keyword \(ga\(gaauto\(ga\fP, which causes \fI\%named\fP to generate a
of data expressed in hexadecimal, a hyphen (\fB\-\fP) if no salt is to be
used, or the keyword \fBauto\fP, which causes \fI\%named\fP to generate a
random 64\-bit salt.
.sp
So, for example, to create an NSEC3 chain using the SHA\-1 hash
algorithm, no opt\-out flag, 10 iterations, and a salt value of
"FFFF", use: \fBrndc signing \-nsec3param 1 0 10 FFFF zone\fP\&. To set
the opt\-out flag, 15 iterations, and no salt, use:
\fBrndc signing \-nsec3param 1 1 15 \- zone\fP\&.
The only recommended configuration is \fBrndc signing \-nsec3param 1 0 0 \- zone\fP,
i.e. no salt, no additional iterations, no opt\-out.
.sp
\fBWARNING:\fP
.INDENT 7.0
.INDENT 3.5
Do not use extra iterations, salt, or opt\-out unless all their implications
are fully understood. A higher number of iterations causes interoperability
problems and opens servers to CPU\-exhausting DoS attacks.
.UNINDENT
.UNINDENT
.sp
\fBrndc signing \-nsec3param none\fP removes an existing NSEC3 chain and
replaces it with NSEC.
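Review bot: the `auto` keyword described a few lines up (`the keyword \fBauto\fP, which causes \fI\%named\fP to generate a random 64\-bit salt`) is still worded neutrally, while the new sentence says the only recommended configuration is `1 0 0 \-`; a reader who scans only the parameter description can still pick `auto` without seeing the caveat. Suggest adding, next to `auto`, the same statement the dnssec-signzone page now carries (`Adding salt provides no practical benefits.`), and making the new warning say that explicitly for salt instead of folding it into "unless all their implications are fully understood", so the two pages give the same reason.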