7039c5f805
Check 'nsec3param' configuration for the number of iterations. The maximum number of iterations that are allowed are based on the key size (see https://tools.ietf.org/html/rfc5155#section-10.3). Check 'nsec3param' configuration for correct salt. If the string is not "-" or hex-based, this is a bad salt.
22 lines
533 B
Plaintext
22 lines
533 B
Plaintext
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
dnssec-policy "bad-salt" {
|
|
nsec3param salt "pepper";
|
|
};
|
|
|
|
zone "example.net" {
|
|
type master;
|
|
file "example.db";
|
|
dnssec-policy "bad-salt";
|
|
};
|
|
|