"Length"-output in DNSSEC-Policy state-files vs. "Key Length"-output on dnsviz.net
Tom
lists at verreckte-cheib.ch
Mon May 9 15:02:37 UTC 2022
Hi list
Using BIND-9.16.27:
I'm wondering about the value of the "Length"-field in the dnssec-policy
state-file output, which results in "Length: 256" for domains, which are
signed with algorithm 13 (ECDSAP256SHA256) and the "Key length"-output
for the domain on "dnsviz.net" (ZSK or KSK), which results in "Key
Length: 512".
# state file
$ grep Length Karcademics.ch.+013+19238.state
Length: 256
# The ZSK/KSK for this domain on "dnsviz.net"
Key Length: 512
What's the difference between this both values?
Many thanks.
Tom
More information about the bind-users
mailing list