nsec3hash − generate NSEC3 hash
nsec3hash {salt} {algorithm} {iterations} {domain}
nsec3hash −r {algorithm} {flags} {iterations} {salt} {domain}
nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity of NSEC3 records in a signed zone.
If this command is invoked as nsec3hash −r, it takes arguments in order, matching the first four fields of an NSEC3 record followed by the domain name: algorithm, flags, iterations, salt, domain. This makes it convenient to copy and paste a portion of an NSEC3 or NSEC3PARAM record into a command line to confirm the correctness of an NSEC3 hash.
salt |
This is the salt provided to the hash algorithm. |
algorithm
This is a number indicating the hash algorithm. Currently the only supported hash algorithm for NSEC3 is SHA−1, which is indicated by the number 1; consequently "1" is the only useful value for this argument.
flags |
This is provided for compatibility with NSEC3 record presentation format, but is ignored since the flags do not affect the hash. |
iterations
This is the number of additional times the hash should be performed.
domain |
This is the domain name to be hashed. |
BIND 9 Administrator Reference Manual, RFC 5155.
Internet Systems Consortium
2023, Internet Systems Consortium