Home | History | Annotate | Line # | Download | only in tools 
      1 .. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
      2 ..
      3 .. SPDX-License-Identifier: MPL-2.0
      4 ..
      5 .. This Source Code Form is subject to the terms of the Mozilla Public
      6 .. License, v. 2.0.  If a copy of the MPL was not distributed with this
      7 .. file, you can obtain one at https://mozilla.org/MPL/2.0/.
      8 ..
      9 .. See the COPYRIGHT file distributed with this work for additional
     10 .. information regarding copyright ownership.
     11 
     12 .. highlight: console
     13 
     14 .. iscman:: nsec3hash
     15 .. program:: nsec3hash
     16 .. _man_nsec3hash:
     17 
     18 nsec3hash - generate NSEC3 hash
     19 -------------------------------
     20 
     21 Synopsis
     22 ~~~~~~~~
     23 
     24 :program:`nsec3hash` {salt} {algorithm} {iterations} {domain}
     25 
     26 :program:`nsec3hash` **-r** {algorithm} {flags} {iterations} {salt} {domain}
     27 
     28 Description
     29 ~~~~~~~~~~~
     30 
     31 :program:`nsec3hash` generates an NSEC3 hash based on a set of NSEC3
     32 parameters. This can be used to check the validity of NSEC3 records in a
     33 signed zone.
     34 
     35 If this command is invoked as ``nsec3hash -r``, it takes arguments in
     36 order, matching the first four fields of an NSEC3 record followed by the
     37 domain name: ``algorithm``, ``flags``, ``iterations``, ``salt``, ``domain``. This makes it
     38 convenient to copy and paste a portion of an NSEC3 or NSEC3PARAM record
     39 into a command line to confirm the correctness of an NSEC3 hash.
     40 
     41 Arguments
     42 ~~~~~~~~~
     43 
     44 .. option:: salt
     45 
     46    This is the salt provided to the hash algorithm.
     47 
     48 .. option:: algorithm
     49 
     50    This is a number indicating the hash algorithm. Currently the only supported
     51    hash algorithm for NSEC3 is SHA-1, which is indicated by the number
     52    1; consequently "1" is the only useful value for this argument.
     53 
     54 .. option:: flags
     55 
     56    This is provided for compatibility with NSEC3 record presentation format, but
     57    is ignored since the flags do not affect the hash.
     58 
     59 .. option:: iterations
     60 
     61    This is the number of additional times the hash should be performed.
     62 
     63 .. option:: domain
     64 
     65    This is the domain name to be hashed.
     66 
     67 See Also
     68 ~~~~~~~~
     69 
     70 BIND 9 Administrator Reference Manual, :rfc:`5155`.
     71