1NSEC3HASH(8)                        BIND 9                        NSEC3HASH(8)
2
3
4

NAME

6       nsec3hash - generate NSEC3 hash
7

SYNOPSIS

9       nsec3hash {salt} {algorithm} {iterations} {domain}
10
11       nsec3hash -r {algorithm} {flags} {iterations} {salt} {domain}
12

DESCRIPTION

14       nsec3hash  generates  an NSEC3 hash based on a set of NSEC3 parameters.
15       This can be used to check the validity of NSEC3  records  in  a  signed
16       zone.
17
18       If  this  command is invoked as nsec3hash -r, it takes arguments in or‐
19       der, matching the first four fields of an NSEC3 record followed by  the
20       domain  name: algorithm, flags, iterations, salt, domain. This makes it
21       convenient to copy and paste a portion of an NSEC3 or NSEC3PARAM record
22       into a command line to confirm the correctness of an NSEC3 hash.
23

ARGUMENTS

25       salt   This is the salt provided to the hash algorithm.
26
27       algorithm
28              This  is  a  number indicating the hash algorithm. Currently the
29              only supported hash algorithm for NSEC3 is SHA-1, which is indi‐
30              cated by the number 1; consequently "1" is the only useful value
31              for this argument.
32
33       flags  This is provided for compatibility with NSEC3  record  presenta‐
34              tion  format,  but  is ignored since the flags do not affect the
35              hash.
36
37       iterations
38              This is the number of additional times the hash should  be  per‐
39              formed.
40
41       domain This is the domain name to be hashed.
42

SEE ALSO

44       BIND 9 Administrator Reference Manual, RFC 5155.
45

AUTHOR

47       Internet Systems Consortium
48
50       2021, Internet Systems Consortium
51
52
53
54
559.16.23-RH                                                        NSEC3HASH(8)
Impressum