NAME

       nsec3hash - generate NSEC3 hash

SYNOPSIS

       nsec3hash {salt} {algorithm} {iterations} {domain}

       nsec3hash -r {algorithm} {flags} {iterations} {salt} {domain}

DESCRIPTION

       nsec3hash  generates  an  NSEC3  hash  based  on a set of NSEC3 parameters. This can be used to check the
       validity of NSEC3 records in a signed zone.

       If this command is invoked as nsec3hash -r, it takes arguments in order, matching the first  four  fields
       of an NSEC3 record followed by the domain name: algorithm, flags, iterations, salt, domain. This makes it
       convenient  to  copy  and paste a portion of an NSEC3 or NSEC3PARAM record into a command line to confirm
       the correctness of an NSEC3 hash.

ARGUMENTS

       salt   This is the salt provided to the hash algorithm.

       algorithm
              This is a number indicating the hash algorithm. Currently the only supported  hash  algorithm  for
              NSEC3  is SHA-1, which is indicated by the number 1; consequently "1" is the only useful value for
              this argument.

       flags  This is provided for compatibility with NSEC3 record presentation format, but is ignored since the
              flags do not affect the hash.

       iterations
              This is the number of additional times the hash should be performed.

       domain This is the domain name to be hashed.

SEE ALSO

       BIND 9 Administrator Reference Manual, RFC 5155.

AUTHOR

       Internet Systems Consortium

COPYRIGHT

       2025, Internet Systems Consortium

9.20.10-1ubuntu1-Ubuntu                            2025-06-06                                       NSEC3HASH(1)