NSEC3HASH(1) BIND 9 NSEC3HASH(1)
NAME
nsec3hash - generate NSEC3 hash
SYNOPSIS
nsec3hash {salt} {algorithm} {iterations} {domain}
nsec3hash -r {algorithm} {flags} {iterations} {salt} {domain}
DESCRIPTION
nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters.
This can be used to check the validity of NSEC3 records in a signed
zone.
If this command is invoked as
nsec3hash -r, it takes arguments in
order, matching the first four fields of an NSEC3 record followed by
the domain name:
algorithm,
flags,
iterations,
salt,
domain. This
makes it convenient to copy and paste a portion of an NSEC3 or
NSEC3PARAM record into a command line to confirm the correctness of
an NSEC3 hash.
ARGUMENTS
salt This is the salt provided to the hash algorithm.
algorithm This is a number indicating the hash algorithm. Currently the
only supported hash algorithm for NSEC3 is SHA-1, which is
indicated by the number 1; consequently "1" is the only useful
value for this argument.
flags This is provided for compatibility with NSEC3 record
presentation format, but is ignored since the flags do not
affect the hash.
iterations This is the number of additional times the hash should be
performed.
domain This is the domain name to be hashed.
SEE ALSO
BIND 9 Administrator Reference Manual,
RFC 5155.
AUTHOR
Internet Systems Consortium
COPYRIGHT
2025, Internet Systems Consortium
9.18.34 2025-02-11 NSEC3HASH(1)
