Skip to main content

DNSSEC RFC 9276

Comments

4 comments

  • cPRex Jurassic Moderator

    Hey there!  I did some research on this and found that we should be supporting iterations of 0 according to the RFC:

    https://datatracker.ietf.org/doc/rfc9276/

      Note that [RFC5155] describes the Iterations field as follows
    
       |  The Iterations field defines the number of additional times the
       |  hash function has been performed.
    
       This means that an NSEC3 record with an Iterations field of 0
       actually requires one hash iteration.

    I also confirmed that trying a value of 0 gives me the following error from the API call:

    reason: "API failure: (XID 7sm6mf) “nsec3_iterations” must be a positive integer less than or equal to 2500."

    I've created case CPANEL-45613 for our developers to look into this, and I'll be sure to post an update here if I hear back from them!

    0
  • Fraak Schoombert

    Hi,

    Is there an update available on CPANEL-45613 ? This issue is currently affecting over 50 of my domains.

    Thank you

    0
  • cPRex Jurassic Moderator

    I don't have any updates on this just yet but it is going to get discussed in a meeting next Friday. 

    0
  • cPRex Jurassic Moderator

    i did want to let you know our developers are investigating the issue at this time - I'll post any other updates once I get them!

    0

Please sign in to leave a comment.