[dns-operations] Surprisingly large cluster of domains sharing the same pair of 512-bit ZSKs and some more RSA key oddities

Viktor Dukhovni ietf-dane at dukhovni.org
Sat Dec 9 04:31:28 UTC 2017



> On Oct 30, 2017, at 8:49 AM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> 
> Looking closely at the data gathered by the DANE survey I've
> run into more than 54 thousand (!!!) domains that have the same
> pair of 512-bit RSA keys for their ZSKs.  A small sample follows
> my signature.  The SOA records all point at wedos.cz, who appear
> to be some sort of hosting provider.  Perhaps someone native to
> .CZ could reach out to them and suggest that 512-bit keys are no
> longer a good idea, especially if re-used so liberally!

This is now resolved, thanks.  None of the domains in the original
"cluster" now have 512-bit keys.  There are still ~10k domains that
have 512-bit keys, but these keys are largely unique to each domain,
with only two keys present on more than 10 domains (42 and 64 domains
each).

The new key size distribution is below my signature.  This counts
DNSKEY RRs not RRsets (domains).  The measured population is ~5.1
million DNSSEC-signed domains which are immediate delegations from
a public suffix, I don't survey "private" (internal) delegations.
The key sizes are in bytes, and include the exponent length and
exponent octets.  Thus, for example, the two keys with length 66
are 512-bit (64 bytes) with exponent length 1 (exponent == 3).

The top four SOA mname counts (this counts domains, not DNSKEY RRs)
for the remaining 512-bit keys are:

8901 gratisdns.dk
 425 dnsimple.com
 108 easydns.com
  61 iinfo.cz

So the next cleanup focus could perhaps be gratisdns.dk, whose
own DNSKEY RRset has a 512-bit KSK and ZSK:

gratisdns.dk.           DNSKEY  256 3 5 (
                                AwEAAbGmFMrzJIpRfkijIn69v/rO4Gg8RQ+PcxBcHMXv
                                RSVfpVifZjkFsB19eC6KsyHZrbJxYY9IyWXUHb9W0Ien
                                3cU=
                                ) ; ZSK; alg = RSASHA1 ; key id = 64455
gratisdns.dk.           DNSKEY  257 3 5 (
                                AwEAActinhYq/UqS5WwQeqNwsfxu8t+68t3TkeNH1RL+
                                cw+mLXDpiwhT3h8yFLeOMiTdQD72HGShlR0I0qu/nP4E
                                MRE=
                                ) ; KSK; alg = RSASHA1 ; key id = 57028

Anyone from gratisdns.dk care to get in touch?

-- 
	Viktor.

  count  | length 
---------+--------
       2 |     66  -- 512-bit F_0
   20860 |     68  -- 512-bit F_4
       6 |     70
      31 |    100
       8 |    117
       1 |    122
       1 |    124
      78 |    130
     121 |    131
 6846249 |    132 -- 1024-bit F_4
     651 |    133
    2452 |    134
      81 |    135
       1 |    139
       2 |    146
     101 |    148
       2 |    149
       2 |    155
       2 |    160
       7 |    162
  197358 |    164 -- 1280-bit F_4
     115 |    167
       5 |    168
      96 |    169
      18 |    173
      13 |    179
  188929 |    196 -- 1536-bit F_4
      35 |    198
       3 |    213
       1 |    216
       1 |    229
       1 |    232
       1 |    240
       1 |    241
       1 |    245
       1 |    246
       1 |    252
       5 |    256
      14 |    257
     438 |    258
     133 |    259
 3164836 |    260 -- 2048-bit F_4
      21 |    261
    2518 |    262
      40 |    265
       2 |    266
       4 |    268
       1 |    269
     122 |    292
       2 |    294
       3 |    308
       1 |    309
       2 |    314
     420 |    324
      81 |    388
       2 |    391
    2192 |    405
       3 |    410
   59262 |    516 -- 4096-bit F_4 (one key serves ~22k domains, another ~8k)
   10235 |    518 -- 4096-bit F_5 (largely just two keys shared by 5082 domains)
       2 |   1028 -- 8192-bit F_4 (one domain's KSK and ZSK)
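
The key-length accounting above (exponent length octet, exponent octets, then modulus, per RFC 3110) and the gratisdns.dk DNSKEY records can be checked with the following added example; it is not code from the post or from any DNS tooling, uses the ZSK quoted above as its constructed sample input, and assumes plain Python 3 with no third-party modules:

```python
import base64

# Fermat-number labels as used in the size table: F_n = 2**(2**n) + 1
FERMAT = {3: "F_0", 65537: "F_4", 2**32 + 1: "F_5"}

# Constructed sample: the gratisdns.dk ZSK quoted in the post, as a dict
# of its RDATA fields (flags, protocol, algorithm, base64 public key).
GRATISDNS_ZSK = {
    "flags": 256, "protocol": 3, "algorithm": 5,
    "pubkey": "AwEAAbGmFMrzJIpRfkijIn69v/rO4Gg8RQ+PcxBcHMXv"
              "RSVfpVifZjkFsB19eC6KsyHZrbJxYY9IyWXUHb9W0Ien"
              "3cU=",
}


def parse_rsa_pubkey(b64: str) -> dict:
    """Split an RFC 3110 RSA public key into exponent and modulus.

    'length' is the whole key field in bytes (exponent length octet(s),
    exponent, modulus), i.e. the quantity the survey table counts.
    """
    raw = base64.b64decode(b64)
    if raw[0] != 0:
        exp_len, off = raw[0], 1
    else:  # exponent longer than 255 octets: a two-byte length follows
        exp_len, off = int.from_bytes(raw[1:3], "big"), 3
    exponent = int.from_bytes(raw[off:off + exp_len], "big")
    modulus = int.from_bytes(raw[off + exp_len:], "big")
    return {
        "length": len(raw),
        "exponent": exponent,
        "exponent_label": FERMAT.get(exponent, "other"),
        "modulus_bits": modulus.bit_length(),
    }


def key_tag(flags: int, protocol: int, algorithm: int, b64: str) -> int:
    """Key tag per RFC 4034 Appendix B, computed over the DNSKEY RDATA
    (compare with the 'key id' comment that dig prints)."""
    rdata = flags.to_bytes(2, "big") + bytes([protocol, algorithm])
    rdata += base64.b64decode(b64)
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte if i & 1 else byte << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def is_weak(info: dict, min_bits: int = 2048) -> bool:
    """Flag an RSA DNSKEY whose modulus is shorter than min_bits."""
    return info["modulus_bits"] < min_bits
```

Running `parse_rsa_pubkey` over every DNSKEY in a zone's RRset and feeding the results to `is_weak` reproduces the survey's bytes-to-bits reading: a 68-byte key field is a 512-bit modulus with exponent 65537.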
