NSEC3PARAM-Records (NSEC3 Parameters)

An NSEC3PARAM-record is used by authoritative DNS servers to calculate and determine which NSEC3-records to include in responses to DNSSEC requests for non-existing names/types.

NSEC3PARAM-records have the following data elements:

  • Hash Algorithm: The cryptographic hash algorithm used.

  • Flags: "Opt-out" (indicates if delegations are signed or not).

  • Iterations: How many times the hash algorithm is applied.

  • Salt: Salt value for the hash calculation.

To add an NSEC3PARAM-record to a zone, use the DNSSEC Sign Zone function.

This record type is defined in RFC5155.

Be the first to comment on this page:
(Never published. Used for replies and to show your Gravatar icon. Never used for any other purpose.)