[dns-operations] a maximum of about 16K possible DNSSEC keytags?

Roy Arends roy at dnss.ec
Mon Nov 30 14:51:11 UTC 2015

On 29 Nov 2015, at 23:20, Roy Arends wrote:

> I am only able to generate about 16K unique keytags for a 2K RSASHA256 
> KSK (*), even after generating hundreds of thousands of keys in a 
> loop.
> I expected the entire 16 bit keytag space used (i.e. 64K keytags), as 
> the keytag is simply the sum of the DNSKEY RDATA (as a series of two 
> byte values) with the high two bytes of the resulting 32 bit value 
> added to the low 2 byte without carry.
> Since the RDATA contains 256 bytes of modulus (a result of multiplying 
> two randomly generated 128 byte primes), I thought it had a fair 
> amount of entropy so that the resulting key tags would be nicely 
> distributed.
> Apparently not.
> Anyone able (willing) to explain the math, please?

Peter van Dijk generated a large set of DNSKEYs with the same algorithm, 
flags and exponent and was able to generate a lot more unique keytags. 
Peter is using PowerDNS ’pdnssec add-zone-key’ which uses mbedTLS 
2.1.0, while I was using dnssec-keygen and ldns-keygen which both used 
OpenSSL 0.9.8zg.

It looks like the difference stems from the libraries involved. At least 
we can fingerprint the key generators behind the keys used :-)

Not sure if I can find out more, or if this is important. Will keep 
looking though.



More information about the dns-operations mailing list