nsec3hash - generate NSEC3 hash
nsec3hash {salt} {algorithm} {iterations} {domain}
nsec3hash -r {algorithm} {flags} {iterations} {salt}
    {domain}
nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters.
  This can be used to check the validity of NSEC3 records in a signed zone.
If this command is invoked as nsec3hash -r, it takes
    arguments in order, matching the first four fields of an NSEC3 record
    followed by the domain name: algorithm, flags,
    iterations, salt, domain. This makes it convenient to
    copy and paste a portion of an NSEC3 or NSEC3PARAM record into a command
    line to confirm the correctness of an NSEC3 hash.
  - salt
- This is the salt provided to the hash algorithm.
 
  - algorithm
- This is a number indicating the hash algorithm. Currently the only
      supported hash algorithm for NSEC3 is SHA-1, which is indicated by the
      number 1; consequently "1" is the only useful value for this
      argument.
 
  - flags
- This is provided for compatibility with NSEC3 record presentation format,
      but is ignored since the flags do not affect the hash.
 
  - iterations
- This is the number of additional times the hash should be performed.
 
  - domain
- This is the domain name to be hashed.
 
BIND 9 Administrator Reference Manual, RFC 5155.
Internet Systems Consortium
2024, Internet Systems Consortium