NSEC3HASH(1) BIND 9 NSEC3HASH(1)
NAME
nsec3hash - generate NSEC3 hash
SYNOPSIS
nsec3hash {salt} {algorithm} {iterations} {domain}
nsec3hash -r {algorithm} {flags} {iterations} {salt} {domain}
DESCRIPTION
nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters.
This can be used to check the validity of NSEC3 records in a signed
zone.
If this command is invoked as nsec3hash -r, it takes arguments in or-
der, matching the first four fields of an NSEC3 record followed by the
domain name: algorithm, flags, iterations, salt, domain. This makes it
convenient to copy and paste a portion of an NSEC3 or NSEC3PARAM record
into a command line to confirm the correctness of an NSEC3 hash.
ARGUMENTS
salt This is the salt provided to the hash algorithm.
algorithm
This is a number indicating the hash algorithm. Currently the
only supported hash algorithm for NSEC3 is SHA-1, which is indi-
cated by the number 1; consequently "1" is the only useful value
for this argument.
flags This is provided for compatibility with NSEC3 record presenta-
tion format, but is ignored since the flags do not affect the
hash.
iterations
This is the number of additional times the hash should be per-
formed.
domain This is the domain name to be hashed.
SEE ALSO
BIND 9 Administrator Reference Manual, RFC 5155.
AUTHOR
Internet Systems Consortium
COPYRIGHT
2025, Internet Systems Consortium
9.18.33-1~deb12u2-Debian 2025-01-20 NSEC3HASH(1)
Generated by dwww version 1.15 on Wed Sep 3 13:54:00 CEST 2025.