[dns-operations] .nz DNSKEY encoding
Chris Thompson
cet1 at cam.ac.uk
Fri Jan 20 19:40:39 UTC 2012
A quick analysis of the DNSKEY public exponents in TLDs:
base64 exponent ZSKs KSKs
AQ[M-P] 3 7 4 com,edu,gov,net
AwEAA[Q-f] 2^16+1 126 123
BAABAA[E-H] 2^16+1[*] 1 1 nz
BQEAAAAB 2^32+1 8 5 cz,gov,la,my,us
[*] with technically illegal zero padding
"gov" is a bit strange in having one ZSK with exponent 3 and another
with exponent 2^32+1.
The same exponents seem to be used in the higher levels of the reverse
lookup zones. I was a little surprised not to see BEAAAA[M-P] = 2^30+3
as generated by BIND's "dnssec-keygen -e" and used in e.g. dlv.isc.org
and (excuse me) cam.ac.uk.
--
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the dns-operations
mailing list