NSEC3 is not backwards compatible with key algorithms that existed
before the RFC 5155 specification was published.
(cherry picked from commit 00c5dabea3)
Check 'nsec3param' configuration for the number of iterations. The
maximum number of iterations that is allowed is based on the key
size (see https://tools.ietf.org/html/rfc5155#section-10.3).
Check 'nsec3param' configuration for correct salt. If the string is
not "-" or hex-based, this is a bad salt.
(cherry picked from commit 7039c5f805)
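
The three checks these commit messages describe, as an added example that is not the project's own code. The function names, the result enum, the rounding of in-between key sizes and the whole-octet (even-length) salt rule are assumptions of this sketch.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef enum { NSEC3_OK, NSEC3_BAD_ALG, NSEC3_BAD_ITER, NSEC3_BAD_SALT } nsec3_result;

/* Algorithm numbers 1 (RSAMD5), 3 (DSA) and 5 (RSASHA1) predate RFC 5155. */
static bool alg_supports_nsec3(unsigned int alg) {
    return alg != 1 && alg != 3 && alg != 5;
}

/* RFC 5155 section 10.3 table: 1024 bits -> 150, 2048 -> 500, 4096 -> 2500.
 * Assumption: a size between two rows uses the next larger row's limit. */
static unsigned int nsec3_max_iterations(unsigned int key_bits) {
    if (key_bits <= 1024) return 150;
    if (key_bits <= 2048) return 500;
    return 2500;
}

/* "-" means no salt; otherwise hex digits encoding 1..255 whole octets. */
static bool nsec3_salt_ok(const char *salt) {
    size_t len = strlen(salt);
    if (strcmp(salt, "-") == 0) return true;
    if (len == 0 || len % 2 != 0 || len / 2 > 255) return false;
    for (size_t i = 0; i < len; i++)
        if (!isxdigit((unsigned char)salt[i])) return false;
    return true;
}

/* Hypothetical entry point: runs the three checks in order. */
nsec3_result check_nsec3param(unsigned int alg, unsigned int key_bits,
                              unsigned int iterations, const char *salt) {
    if (!alg_supports_nsec3(alg)) return NSEC3_BAD_ALG;
    if (iterations > nsec3_max_iterations(key_bits)) return NSEC3_BAD_ITER;
    if (!nsec3_salt_ok(salt)) return NSEC3_BAD_SALT;
    return NSEC3_OK;
}

int main(void) {
    /* Constructed inputs: algorithm 8 is RSASHA256, 5 is RSASHA1. */
    printf("%d\n", check_nsec3param(8, 2048, 10, "aabbccdd"));
    printf("%d\n", check_nsec3param(8, 1024, 151, "-"));
    printf("%d\n", check_nsec3param(5, 2048, 10, "-"));
    printf("%d\n", check_nsec3param(8, 2048, 10, "xyz"));
    return 0;
}
```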