NSEC3HASH(8) BIND9 NSEC3HASH(8)NAME
nsec3hash - generate NSEC3 hash
SYNOPSIS
nsec3hash {salt} {algorithm} {iterations} {domain}
DESCRIPTION
nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity of NSEC3 records in a signed
zone.
ARGUMENTS
salt
The salt provided to the hash algorithm.
algorithm
A number indicating the hash algorithm. Currently the only supported hash algorithm for NSEC3 is SHA-1, which is indicated by the
number 1; consequently "1" is the only useful value for this argument.
iterations
The number of additional times the hash should be performed.
domain
The domain name to be hashed.
SEE ALSO
BIND 9 Administrator Reference Manual, RFC 5155.
AUTHOR
Internet Systems Consortium
COPYRIGHT
Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
BIND9 Feb 18, 2009 NSEC3HASH(8)
Check Out this Related Man Page
DNSSEC-VERIFY(8) BIND9 DNSSEC-VERIFY(8)NAME
dnssec-verify - DNSSEC zone verification tool
SYNOPSIS
dnssec-verify [-c class] [-E engine] [-I input-format] [-o origin] [-v level] [-x] [-z] {zonefile}
DESCRIPTION
dnssec-verify verifies that a zone is fully signed for each algorithm found in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
chains are complete.
OPTIONS -c class
Specifies the DNS class of the zone.
-I input-format
The format of the input zone file. Possible formats are "text" (default) and "raw". This option is primarily intended to be used for
dynamic signed zones so that the dumped zone file in a non-text format containing updates can be verified independently. The use of
this option does not make much sense for non-dynamic zones.
-o origin
The zone origin. If not specified, the name of the zone file is assumed to be the origin.
-v level
Sets the debugging level.
-x
Only verify that the DNSKEY RRset is signed with key-signing keys. Without this flag, it is assumed that the DNSKEY RRset will be
signed by all active keys. When this flag is set, it will not be an error if the DNSKEY RRset is not signed by zone-signing keys. This
corresponds to the -x option in dnssec-signzone.
-z
Ignore the KSK flag on the keys when determining whether the zone if correctly signed. Without this flag it is assumed that there will
be a non-revoked, self-signed DNSKEY with the KSK flag set for each algorithm and that RRsets other than DNSKEY RRset will be signed
with a different DNSKEY without the KSK flag set.
With this flag set, we only require that for each algorithm, there will be at least one non-revoked, self-signed DNSKEY, regardless of
the KSK flag state, and that other RRsets will be signed by a non-revoked key for the same algorithm that includes the self-signed key;
the same key may be used for both purposes. This corresponds to the -z option in dnssec-signzone.
zonefile
The file containing the zone to be signed.
SEE ALSO dnssec-signzone(8), BIND 9 Administrator Reference Manual, RFC 4033.
AUTHOR
Internet Systems Consortium
COPYRIGHT
Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
BIND9 April 12, 2012 DNSSEC-VERIFY(8)
Introduction
I have seen some misinformation regarding Unix file permissions. I will try to set the record straight. Take a look at this example of some output from ls:
$ ls -ld /usr/bin /usr/bin/cat
drwxrwxr-x 3 root bin 8704 Sep 23 2004 /usr/bin
-r-xr-xr-x 1 bin bin ... (6 Replies)
I have a file which looks roughly like this:
996 mmmmmmm
996 xxxxxxxxxxxxx
99600 ssssssssss
9964 fffffffffffff
and would like to sort it numerically on the first field. I tried:
sort -nr --key=1 ....
The output I get is:
99600 ssssssssss
9964 ... (3 Replies)
Suppose I have a main() function with only one malloc statement allocating say some 1 gb memory. Also say my system has 1 gb of ram.
main()
{
malloc(1gb)
return(0)
}
The program above exits without freeing the memory.
In this case will the 1 gb of heap memory be returned... (9 Replies)
I'm trying to install a PGX32 video card on my Sparc 10 Ultra running Solaris 10.
I've got the Oracle installation guide for it and I got as far as:
"4. Insert the CD-ROM labeled “GFX OpenWindows for Solaris 2” into the drive."
I don't have a CD-ROM by that name and a web search for that... (21 Replies)
Hey All,
Quick question...
I'm writing a short script to check if a continuous port is running on a server.
I'm using "ps -ef | grep -v grep | grep processName" and I was wondering if it was better/more reliable to just check the
return code from the command or if its better to pipe to... (12 Replies)
I installed NetBSD 6.1.2 amd64 and can't find the apm utility. Is it not in the base system?
Is it necessary to recompile the default amd64 kernel to use apm?
Or is there a new method for power management and suspend/resume? (2 Replies)
Hi,
I am learning shell scripting for the first time. I use AT&T Korn Shell, Version AJM 93u+ 2012-08-01, compiled from source on NetBSD.
So far I have managed to set up what I think is a useful and pleasing shell prompt, which can be seen in the image attached to this post.
The prompt is... (2 Replies)
Hey gang, I have a list of times I need to sum up. This list can vary from a few to a few thousand entries. Now I had found a closed reference to adding time titled "add up time with xx:yy format in bash how?" In it, the example works great for that formatted list of times... This is the reply code... (5 Replies)
Usually when I on the evening go to bed I take some interesting book with me. I read it for a while to get me down to sleep. Probably most people seek information from the Nett by googleing but I am so oldfashioned I prefer a real book ;)
But what a book. The one I found and ordered is BSD Unix®... (0 Replies)
On the late 1960s I got short hands on experience with a russian "small" computer. It vas a copy of DEC's VAX ... and running some version of BSD-Unix. After that I worked in a university following the development of computing. After retire I started collecting old pc's and installing... (13 Replies)