Skip to content

Commit a8422b7

Browse files
tbrehmtbrehm
committed
Fixes #6715 Do not use a salt in DNSSEC key generation RFC 9276
1 parent f8bb2d7 commit a8422b7

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

server/plugins-available/bind_plugin.inc.php

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -171,7 +171,8 @@ function soa_dnssec_sign(&$data) {
171171
file_put_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain, $zonefile);
172172

173173
//* Sign the zone and set it valid for max. 16 days
174-
$app->system->exec_safe('cd ?; dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o ? -K ? -t ?', $dns_config['bind_keyfiles_dir'], $domain, $dns_config['bind_keyfiles_dir'], $dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain);
174+
// $app->system->exec_safe('cd ?; dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o ? -K ? -t ?', $dns_config['bind_keyfiles_dir'], $domain, $dns_config['bind_keyfiles_dir'], $dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain);
175+
$app->system->exec_safe('cd ?; dnssec-signzone -A -e +1382400 -3 - -N increment -o ? -K ? -t ?', $dns_config['bind_keyfiles_dir'], $domain, $dns_config['bind_keyfiles_dir'], $dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain);
175176

176177
//* Write Data back ino DB
177178
$dnssecdata = "DS-Records:\n".file_get_contents($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.');

0 commit comments

Comments
 (0)