Handling of RSASHA256 and RSASHA512 in 9.6.1-P1 ?
Mark Andrews
marka at isc.org
Fri Aug 20 03:57:54 UTC 2010
In message <alpine.LRH.2.00.1008191403330.7615 at gaga.uits.indiana.edu>, Sue True
writes:
>
> Does 9.6.1-P1 as authoritative nameserver support RSASHA256 and RSASHA512 ?
>
> We are running 9.7.1-P2 and would like to use RSASHA256 or RSASHA512 to
> create the keys, but our secondary is still on 9.6.1-P1, can they handle
> our singed zone with RSASHA256 or RSASHA512, or they have to upgrade ?
BIND 9.[67].x should be able to serve any zone that is using NSEC
or NSEC3 regardless of the DNSSEC algorithm.
BIND 9.[345].x should be able to serve any zone that is using NSEC
regardless of the DNSSEC algorithm. 9.[345].x cannot correctly
serve a zone that is using NSEC3.
You need BIND 9.6.2 or BIND 9.7.0 onwards to generate zones which
use RSASHA256 or RSASHA512 and to validate such zones.
Mark
--
Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list