Randomize NSEC3 salt

This should prevent the case where we are unlucky enough that static
values hash 'just right' for the test to pass, but only accidentally.

(cherry picked from commit 46781845ea)
Petr Špaček 2025-07-11 11:17:05 +02:00
parent 548d1a81f9
commit 0adaa4a244


@ -27,6 +27,8 @@ zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile"
"$SIGNER" -3 - -o "$zone" "$zonefile" 2>&1 >"$zonefile.sign.log"
SALT="$(printf "%04x" "$(($(date +%s) / 3600 % 65536))")"
echo_ic "NSEC3 salt for this hour: $SALT"
"$SIGNER" -3 "$SALT" -o "$zone" "$zonefile" 2>&1 >"$zonefile.sign.log"
keyfile_to_initial_ds "$ksk" >managed-keys.conf
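Review bot: The salt on the `SALT=` line is derived from the clock (epoch hours modulo 65536) rather than from a random source, so it is identical for every run within the same hour, and nothing in the hunk says so. A short comment above it would keep the next reader from assuming per-run randomness, for example `# Salt changes once per hour (epoch hours mod 65536); it is logged below so a failing run can be tied to its salt.` Separately, on the new `"$SIGNER" -3 "$SALT"` line the redirections `2>&1 >"$zonefile.sign.log"` send only stdout to the log while stderr goes to the script's own stdout; if the signer's diagnostics are meant to land in the log, the order should be `>"$zonefile.sign.log" 2>&1`. The surrounding script is only partly visible here, so whether a signing failure aborts the test cannot be confirmed from the hunk.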