Commit a93a66f6 authored by Evan Hunt's avatar Evan Hunt

2794. [bug] Reduce default NSEC3 iterations from 100 to 10.

			[RT #19970]
parent c300f45d
2794. [bug] Reduce default NSEC3 iterations from 100 to 10.
[RT #19970]
2793. [port] Add some noreturn attributes. [RT #20257]
2792. [port] win32: 32/64 bit cleanups. [RT #20335]
......
......@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-signzone.c,v 1.238 2009/09/29 15:06:06 fdupont Exp $ */
/* $Id: dnssec-signzone.c,v 1.239 2009/09/29 22:17:34 each Exp $ */
/*! \file */
......@@ -147,7 +147,7 @@ static dns_dbiterator_t *gdbiter; /* The database iterator */
static dns_rdataclass_t gclass; /* The class */
static dns_name_t *gorigin; /* The database origin */
static int nsec3flags = 0;
static dns_iterations_t nsec3iter = 100U;
static dns_iterations_t nsec3iter = 10U;
static unsigned char saltbuf[255];
static unsigned char *salt = saltbuf;
static size_t salt_length = 0;
......@@ -3337,9 +3337,9 @@ usage(void) {
fprintf(stderr, "\t-n ncpus (number of cpus present)\n");
fprintf(stderr, "\t-k key_signing_key\n");
fprintf(stderr, "\t-l lookasidezone\n");
fprintf(stderr, "\t-3 salt (NSEC3 salt)\n");
fprintf(stderr, "\t-H iterations (NSEC3 iterations)\n");
fprintf(stderr, "\t-A (NSEC3 optout)\n");
fprintf(stderr, "\t-3 NSEC3 salt\n");
fprintf(stderr, "\t-H NSEC3 iterations (10)\n");
fprintf(stderr, "\t-A NSEC3 optout\n");
fprintf(stderr, "\t-z:\t");
fprintf(stderr, "ignore KSK flag in DNSKEYs");
......
......@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-signzone.docbook,v 1.37 2009/09/25 06:47:50 each Exp $ -->
<!-- $Id: dnssec-signzone.docbook,v 1.38 2009/09/29 22:17:34 each Exp $ -->
<refentry id="man.dnssec-signzone">
<refentryinfo>
<date>June 05, 2009</date>
......@@ -552,7 +552,7 @@
<term>-3 <replaceable class="parameter">salt</replaceable></term>
<listitem>
<para>
Generate a NSEC3 chain with the given hex encoded salt.
Generate an NSEC3 chain with the given hex encoded salt.
A dash (<replaceable class="parameter">salt</replaceable>) can
be used to indicate that no salt is to be used when generating the NSEC3 chain.
</para>
......@@ -563,8 +563,8 @@
<term>-H <replaceable class="parameter">iterations</replaceable></term>
<listitem>
<para>
When generating a NSEC3 chain use this many interations. The
default is 100.
When generating an NSEC3 chain, use this many interations. The
default is 10.
</para>
</listitem>
</varlistentry>
......@@ -573,7 +573,7 @@
<term>-A</term>
<listitem>
<para>
When generating a NSEC3 chain set the OPTOUT flag on all
When generating an NSEC3 chain set the OPTOUT flag on all
NSEC3 records and do not generate NSEC3 records for insecure
delegations.
</para>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment