DNSSEC An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1

beat · July 31, 2024, 9:12am

SYSTEM INFORMATION
OS type and version	Ubuntu 20.04 LTS
Webmin version	2.201
Virtualmin version	7.20.2
Related packages	Bind 9.18

When testing a DNSSEC-secured Virtualmin PRO-managed domain at https://dnsviz.net/ I get this error:

NSEC3 proving non-existence of my-domain-here.com/CNAME: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.

I see that virtualmin.com has not this error, which seems from a new RFC, and doesn’t seem to be an urgent issue.

Shouldn’t a Virtualmin upgrade automatically update these ?

And if not, what should I do to fix this in a future-Virtualmin-compatible way ?

shoulders · July 31, 2024, 1:42pm

I am not getting any issues like that on my DNSSEC enabled domain

https://dnsviz.net/d/quantumwarp.com/dnssec/

Have you set it up correctly?

lawk · August 25, 2024, 9:17pm

I have the same message for my domains.

if you go to edit the hash iterations on the Edit DNSSEC Parameters page it gives the following error if you enter 0.

Failed to save record : Missing or non-numeric number of iterations

system · October 24, 2024, 9:18pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.