NSEC3HASH(1) | BIND 9 | NSEC3HASH(1) |
nsec3hash - generate NSEC3 hash
nsec3hash {salt} {algorithm} {iterations} {domain}
nsec3hash -r {algorithm} {flags} {iterations} {salt} {domain}
nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity of NSEC3 records in a signed zone.
If this command is invoked as nsec3hash -r, it takes arguments in order, matching the first four fields of an NSEC3 record followed by the domain name: algorithm, flags, iterations, salt, domain. This makes it convenient to copy and paste a portion of an NSEC3 or NSEC3PARAM record into a command line to confirm the correctness of an NSEC3 hash.
BIND 9 Administrator Reference Manual, RFC 5155.
Internet Systems Consortium
2023, Internet Systems Consortium
2023-09-11 | 9.18.19-1~deb12u1-Debian |