[dns-operations] a maximum of about 16K possible DNSSEC keytags?

Robert Edmonds edmonds at mycre.ws
Tue Dec 1 05:27:28 UTC 2015

Roy Arends wrote:
> I am only able to generate about 16K unique keytags for a 2K RSASHA256 KSK
> (*), even after generating hundreds of thousands of keys in a loop.
> I expected the entire 16 bit keytag space used (i.e. 64K keytags), as the
> keytag is simply the sum of the DNSKEY RDATA (as a series of two byte
> values) with the high two bytes of the resulting 32 bit value added to the
> low 2 byte without carry.
> Since the RDATA contains 256 bytes of modulus (a result of multiplying two
> randomly generated 128 byte primes), I thought it had a fair amount of
> entropy so that the resulting key tags would be nicely distributed.

If I understand RFC 4034 appendix B correctly, the key tag is calculated
on the whole of the DNSKEY RDATA, not just the Public Key field, but
also the Flags, Protocol, and Algorithm fields.  The four octets of the
Flags/Protocol/Algorithm fields will be heavily biased; most of the bits
will be zeroes.  Looks like only about 4-5 bits will be set for
RSASHA256 KSK/ZSKs.  Is that enough to unbalance the distribution?

Robert Edmonds

More information about the dns-operations mailing list