Commit a93a66f6 authored by Evan Hunt's avatar Evan Hunt

2794. [bug] Reduce default NSEC3 iterations from 100 to 10.

			[RT #19970]
parent c300f45d
2794. [bug] Reduce default NSEC3 iterations from 100 to 10.
[RT #19970]
2793. [port] Add some noreturn attributes. [RT #20257] 2793. [port] Add some noreturn attributes. [RT #20257]
2792. [port] win32: 32/64 bit cleanups. [RT #20335] 2792. [port] win32: 32/64 bit cleanups. [RT #20335]
......
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: dnssec-signzone.c,v 1.238 2009/09/29 15:06:06 fdupont Exp $ */ /* $Id: dnssec-signzone.c,v 1.239 2009/09/29 22:17:34 each Exp $ */
/*! \file */ /*! \file */
...@@ -147,7 +147,7 @@ static dns_dbiterator_t *gdbiter; /* The database iterator */ ...@@ -147,7 +147,7 @@ static dns_dbiterator_t *gdbiter; /* The database iterator */
static dns_rdataclass_t gclass; /* The class */ static dns_rdataclass_t gclass; /* The class */
static dns_name_t *gorigin; /* The database origin */ static dns_name_t *gorigin; /* The database origin */
static int nsec3flags = 0; static int nsec3flags = 0;
static dns_iterations_t nsec3iter = 100U; static dns_iterations_t nsec3iter = 10U;
static unsigned char saltbuf[255]; static unsigned char saltbuf[255];
static unsigned char *salt = saltbuf; static unsigned char *salt = saltbuf;
static size_t salt_length = 0; static size_t salt_length = 0;
...@@ -3337,9 +3337,9 @@ usage(void) { ...@@ -3337,9 +3337,9 @@ usage(void) {
fprintf(stderr, "\t-n ncpus (number of cpus present)\n"); fprintf(stderr, "\t-n ncpus (number of cpus present)\n");
fprintf(stderr, "\t-k key_signing_key\n"); fprintf(stderr, "\t-k key_signing_key\n");
fprintf(stderr, "\t-l lookasidezone\n"); fprintf(stderr, "\t-l lookasidezone\n");
fprintf(stderr, "\t-3 salt (NSEC3 salt)\n"); fprintf(stderr, "\t-3 NSEC3 salt\n");
fprintf(stderr, "\t-H iterations (NSEC3 iterations)\n"); fprintf(stderr, "\t-H NSEC3 iterations (10)\n");
fprintf(stderr, "\t-A (NSEC3 optout)\n"); fprintf(stderr, "\t-A NSEC3 optout\n");
fprintf(stderr, "\t-z:\t"); fprintf(stderr, "\t-z:\t");
fprintf(stderr, "ignore KSK flag in DNSKEYs"); fprintf(stderr, "ignore KSK flag in DNSKEYs");
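Review bot: The default now lives in two unconnected literals, `nsec3iter = 10U` in the globals hunk and the bare `(10)` in the `-H` usage line, so the help text will drift the next time the default changes; `(10)` is also not labelled as a default, while the parentheses on neighbouring lines hold descriptions. The iteration count sets the extra hashing work that servers and validators do per NSEC3 lookup, so operators should be able to read the effective default unambiguously. I would define it once, e.g. `#define NSEC3_DEFAULT_ITERATIONS 10U` (the name is only a suggestion), initialise `nsec3iter` from it, and print `fprintf(stderr, "\t-H iterations (NSEC3 iterations, default %u)\n", NSEC3_DEFAULT_ITERATIONS);`. Later guidance in RFC 9276 recommends zero extra iterations, so keeping the value in one place also makes a further reduction a one-line change. usage() starts and ends outside the hunk and the `-H` option parsing is not visible here, so whether user-supplied values are range-checked cannot be judged from this page.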
......
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE. - PERFORMANCE OF THIS SOFTWARE.
--> -->
<!-- $Id: dnssec-signzone.docbook,v 1.37 2009/09/25 06:47:50 each Exp $ --> <!-- $Id: dnssec-signzone.docbook,v 1.38 2009/09/29 22:17:34 each Exp $ -->
<refentry id="man.dnssec-signzone"> <refentry id="man.dnssec-signzone">
<refentryinfo> <refentryinfo>
<date>June 05, 2009</date> <date>June 05, 2009</date>
...@@ -552,7 +552,7 @@ ...@@ -552,7 +552,7 @@
<term>-3 <replaceable class="parameter">salt</replaceable></term> <term>-3 <replaceable class="parameter">salt</replaceable></term>
<listitem> <listitem>
<para> <para>
Generate a NSEC3 chain with the given hex encoded salt. Generate an NSEC3 chain with the given hex encoded salt.
A dash (<replaceable class="parameter">salt</replaceable>) can A dash (<replaceable class="parameter">salt</replaceable>) can
be used to indicate that no salt is to be used when generating the NSEC3 chain. be used to indicate that no salt is to be used when generating the NSEC3 chain.
</para> </para>
...@@ -563,8 +563,8 @@ ...@@ -563,8 +563,8 @@
<term>-H <replaceable class="parameter">iterations</replaceable></term> <term>-H <replaceable class="parameter">iterations</replaceable></term>
<listitem> <listitem>
<para> <para>
When generating a NSEC3 chain use this many interations. The When generating an NSEC3 chain, use this many interations. The
default is 100. default is 10.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
...@@ -573,7 +573,7 @@ ...@@ -573,7 +573,7 @@
<term>-A</term> <term>-A</term>
<listitem> <listitem>
<para> <para>
When generating a NSEC3 chain set the OPTOUT flag on all When generating an NSEC3 chain set the OPTOUT flag on all
NSEC3 records and do not generate NSEC3 records for insecure NSEC3 records and do not generate NSEC3 records for insecure
delegations. delegations.
</para> </para>
......