"Fossies" - the Fresh Open Source Software Archive

Member "bind-9.16.7/bin/tools/nsec3hash.rst" (4 Sep 2020, 2198 Bytes) of package /linux/misc/dns/bind9/9.16.7/bind-9.16.7.tar.xz:

As a special service "Fossies" has tried to format the requested source page into HTML format (assuming markdown format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field. See also the last Fossies "Diffs" side-by-side code changes report for "nsec3hash.rst": 9.17.2_vs_9.17.3.

nsec3hash - generate NSEC3 hash


nsec3hash {salt} {algorithm} {iterations} {domain}

nsec3hash -r {algorithm} {flags} {iterations} {salt} {domain}


nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity of NSEC3 records in a signed zone.

If this command is invoked as nsec3hash -r, it takes arguments in an order matching the first four fields of an NSEC3 record, followed by the domain name: algorithm, flags, iterations, salt, domain. This makes it convenient to copy and paste a portion of an NSEC3 or NSEC3PARAM record into a command line to confirm the correctness of an NSEC3 hash.



The salt provided to the hash algorithm.


A number indicating the hash algorithm. Currently the only supported hash algorithm for NSEC3 is SHA-1, which is indicated by the number 1; consequently "1" is the only useful value for this argument.


Provided for compatibility with NSEC3 record presentation format, but ignored since the flags do not affect the hash.


The number of additional times the hash should be performed.


The domain name to be hashed.

See Also

BIND 9 Administrator Reference Manual, 5155.