An NSEC3PARAM-record is used by authoritative DNS servers to calculate and determine which NSEC3-records to include in responses to DNSSEC requests for non-existing names/types.

 

NSEC3PARAM-records have the following data elements:

- Hash Algorithm: The cryptographic hash algorithm used.

- Flags: "Opt-out" (indicates if delegations are signed or not).

- Iterations: How many times the hash algorithm is applied.

- Salt: Salt value for the hash calculation.

 

To add an NSEC3PARAM-record to a zone, use the DNSSEC Sign Zone function.

 

This record type is defined in RFC5155.