[dns-operations] a maximum of about 16K possible DNSSEC keytags?

Roy Arends roy at dnss.ec
Sun Nov 29 23:20:52 UTC 2015

I am only able to generate about 16K unique keytags for a 2K RSASHA256 
KSK (*), even after generating hundreds of thousands of keys in a loop.

I expected the entire 16 bit keytag space used (i.e. 64K keytags), as 
the keytag is simply the sum of the DNSKEY RDATA (as a series of two 
byte values) with the high two bytes of the resulting 32 bit value added 
to the low 2 byte without carry.

Since the RDATA contains 256 bytes of modulus (a result of multiplying 
two randomly generated 128 byte primes), I thought it had a fair amount 
of entropy so that the resulting key tags would be nicely distributed.

Apparently not.

Anyone able (willing) to explain the math, please?


(*) The same is true of a 512 bit RSASHA256 ZSK, though those are a 
different set of 16K unique keytags.

More information about the dns-operations mailing list