Testing DNSSEC NSEC3PARAM (iterations and salt)

[baknu]

From mail GT (13th of June, 2022):

The iteration part he mentions is only relevant for resolver resources not the zone itself. If they are going to change their configuration for the aforementioned part, adopting the new NSEC3 parameter values from the draft would also be nice.

For the NSEC3PARAM, they could be extra tests in the DNSSEC section. NSEC3 iterations MUST be 0 (fail otherwise) and salt SHOULD NOT be used (info otherwise). I would still wait for the RFC first for these to be final.

See also: https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-nsec3-guidance

[baknu]

This relates to testing other DNSSEC settings: #34, #184, #244, and #715.

[baknu]

The RFC is now a final Best Current Practice: https://www.rfc-editor.org/rfc/rfc9276.html