Hi Libor..
thanks a lot for this information..
because we have to do a lot before we can run in production i suppose this
is early enough..
thanks a lot for your great work :)
best regards
Christian
--
Christian Petrasch
Product Owner
Zone Creation & Signing
IT-Services
DENIC eG
Kaiserstraße 75-77
60329 Frankfurt am Main
GERMANY
E-Mail: petrasch@denic.de
http://www.denic.de
PGP-KeyID: 549BE0AE, Fingerprint: 0E0B 6CBE 5D8C B82B 0B49 DE61 870E
8841 549B E0AE
Angaben nach § 25a Absatz 1 GenG: DENIC eG (Sitz: Frankfurt am Main)
Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg Schweiger
Vorsitzender des Aufsichtsrats: Thomas Keller
Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht Frankfurt
am Main
Von:
"libor.peltan"
<libor.peltan@nic.cz>
An:
knot-dns-users@lists.nic.cz
Datum:
26.11.2018 13:48
Betreff:
Re: [knot-dns-users]
Define SALT String for NSEC3
Gesendet von:
"knot-dns-users"
<knot-dns-users-bounces@lists.nic.cz>
Hi all,
the NSEC3 salt is stored in KASP DB (the
storage for keys and their metadata), so it will be not overly difficult
to implement salt manipulation with keymgr utility. But such new feature
will be released as part of some future versions of Knot, not immediately.
Libor
Dne 26.11.18 v 13:41 Christian Petrasch
napsal(a):
Hi Petr,
the reason was or is, that we never changed salt before since we started
with DNSSEC. So, we have not really experience about change the salt
And because we are developing a new system to change our whole DNSSEC system
it would be nice to have one factor less to take care about..
But it is not a showstopper for KNOT ;)
best regards
Christian
--
Christian Petrasch
Product Owner
Zone Creation & Signing
IT-Services
DENIC eG
Kaiserstraße 75-77
60329 Frankfurt am Main
GERMANY
E-Mail: petrasch@denic.de
http://www.denic.de
PGP-KeyID: 549BE0AE, Fingerprint: 0E0B 6CBE 5D8C B82B 0B49 DE61 870E
8841 549B E0AE
Angaben nach § 25a Absatz 1 GenG: DENIC eG (Sitz: Frankfurt am Main)
Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg Schweiger
Vorsitzender des Aufsichtsrats: Thomas Keller
Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht Frankfurt
am Main
Von: "Petr
©paèek" <petr.spacek@nic.cz>
An: knot-dns-users@lists.nic.cz
Datum: 26.11.2018
13:30
Betreff: Re:
[knot-dns-users] Define SALT String for NSEC3
Gesendet von: "knot-dns-users"
<knot-dns-users-bounces@lists.nic.cz>
Hi Christian,
what are you trying to achieve? Why would you need to configure salt
value at all? I'm curious! :-)
Petr ©paèek @ CZ.NIC
On 12. 11. 18 15:56, Christian Petrasch wrote:
> Hi Daniel,
>
> thanks a lot for the fast answer..
> I have to discuss it with my stakeholders.
> From my current situation I would appreciate it.
> Because or current solution support this and we are testing to switch
> the solution. At the moment I would prefer KNOTdns
> It would be nice to configure our old salt to have one possibilty
of
> error less..
> This shouldn't mean that I'm afraid that it is not implemented well
.. ;)
>
> best regards
>
> Christian
>
>
> --
> Christian Petrasch
> Product Owner
> Zone Creation & Signing
> IT-Services
>
> DENIC eG
> Kaiserstraße 75-77
> 60329 Frankfurt am Main
> GERMANY
>
> E-Mail: petrasch@denic.de
> http://www.denic.de
<http://www.denic.de/>
>
> PGP-KeyID: 549BE0AE, Fingerprint: 0E0B 6CBE 5D8C B82B 0B49 DE61
870E
> 8841 549B E0AE
>
> Angaben nach § 25a Absatz 1 GenG: DENIC eG (Sitz: Frankfurt
am Main)
> Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg
> Schweiger
> Vorsitzender des Aufsichtsrats: Thomas Keller
> Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht
> Frankfurt am Main
>
>
>
> Von: "Daniel Salzman" <daniel.salzman@nic.cz>
> An: "Christian Petrasch" <petrasch@denic.de>,
> knot-dns-users@lists.nic.cz
> Datum: 12.11.2018 15:47
> Betreff: Re: [knot-dns-users] Define SALT
String for NSEC3
> ------------------------------------------------------------------------
>
>
>
> Hi Christian,
>
> There is no configuration for a custom NSEC3 salt value in Knot DNS.
> So far there was no need for that. Is it important for you?
>
> Best,
> Daniel
>
> On 11/12/18 3:33 PM, Christian Petrasch wrote:
>> Hi,
>>
>> is there any knot-dns configuration parameter to define the SALT
> string for NSEC3 ?
>> I have :
>>
>> nsec3: BOOL
>> nsec3-iterations: INT
>> nsec3-opt-out: BOOL
>> nsec3-salt-length: INT
>>
>> but nothing to configure the string..
>>
>> Does anybody has an idea ?
>>
>> Any help would be really appreciated..
>>
>> thanks a lot
>>
>> best regards
>> --
>> Christian Petrasch
>> Product Owner
>> Zone Creation & Signing
>> IT-Services
>>
>> DENIC eG
>> Kaiserstraße 75-77
>> 60329 Frankfurt am Main
>> GERMANY
>>
>> E-Mail: petrasch@denic.de
>> http://www.denic.de
<http://www.denic.de/><http://www.denic.de/>
>>
>> PGP-KeyID: 549BE0AE, Fingerprint: 0E0B 6CBE 5D8C B82B 0B49 DE61
870E
> 8841 549B E0AE
>>
>> Angaben nach § 25a Absatz 1 GenG: DENIC eG (Sitz: Frankfurt
am Main)
>> Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr.
Jörg
> Schweiger
>> Vorsitzender des Aufsichtsrats: Thomas Keller
>> Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht
> Frankfurt am Main
--
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
--
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users