[dns-operations] NSEC3 and MD5

Jim Reid jim at rfc1035.com
Sat Dec 1 13:05:41 UTC 2018

> On 1 Dec 2018, at 11:58, James Stevens <James.Stevens at jrcs.co.uk> wrote:
> Although the "default" hashing algorithm for NSEC3 is MD5,

[citation needed]

Whatever is foisting this alleged default is broken and wrong.

Quoting RFC5155:

   This specification allocates two new DNSKEY algorithm identifiers for
   this purpose.  Algorithm 6, DSA-NSEC3-SHA1 is an alias for algorithm
   3, DSA.  Algorithm 7, RSASHA1-NSEC3-SHA1 is an alias for algorithm 5,

IIRC MD5 was already well on its way to the dustbin of history before RFC5155 was published. RFC5155 does not even mention MD5.

IMO, DNSSEC-ter is horrible and a waste of time. [NSEC3-signed zones can be enumerated, so why bother trying to prevent enumeration? Besides, what DNS data are you hoping to “protect” by using DNSSEC-ter?] But if you insist on using it, an RSA or ECC key using SHA256 seems prudent. Take a look at:

> I notice dot-GOV and dot-MIL both use MD5

Nope. They’re both using RSASHA256 keys, like pretty much every other TLD that’s doing DNSSEC-ter flavoured signing.
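To make the point concrete, here is an added example (not from this thread) that computes an NSEC3 hashed owner name the way RFC 5155 section 5 specifies it: the only defined NSEC3 hash algorithm is 1, SHA-1, and MD5 does not appear anywhere. The function names and the "unknown algorithm" check are mine; the parameters and expected hash are the RFC 5155 Appendix A example zone (NSEC3PARAM 1 0 12 aabbccdd).

```python
import base64
import hashlib

# RFC 5155 section 11 defines exactly one NSEC3 hash algorithm: 1 = SHA-1.
NSEC3_HASH_ALGS = {1: hashlib.sha1}

# NSEC3 owner names use base32hex (RFC 4648 section 7); map from base32's alphabet.
_B32_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                               "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def wire_name(name: str) -> bytes:
    """Canonical wire format: lowercase labels, each length-prefixed, root label last."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def parse_nsec3param(rdata: str):
    """Parse NSEC3PARAM presentation text: 'hash-alg flags iterations salt'."""
    alg, flags, iterations, salt = rdata.split()
    alg, iterations = int(alg), int(iterations)
    if alg not in NSEC3_HASH_ALGS:
        raise ValueError(f"NSEC3 hash algorithm {alg} is not defined; only 1 (SHA-1) is")
    return alg, int(flags), iterations, b"" if salt == "-" else bytes.fromhex(salt)


def nsec3_hash(owner: str, rdata: str) -> str:
    """Hashed owner name: IH(0) = H(name || salt), IH(k) = H(IH(k-1) || salt)."""
    alg, _flags, iterations, salt = parse_nsec3param(rdata)
    digest_fn = NSEC3_HASH_ALGS[alg]
    digest = digest_fn(wire_name(owner) + salt).digest()
    for _ in range(iterations):
        digest = digest_fn(digest + salt).digest()
    # A 20-byte SHA-1 digest is exactly 32 base32hex characters, so no '=' padding.
    return base64.b32encode(digest).decode("ascii").translate(_B32_TO_B32HEX).lower()


if __name__ == "__main__":
    # Parameters and expected value from the RFC 5155 Appendix A example zone.
    print(nsec3_hash("example.", "1 0 12 aabbccdd"))  # 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
```

Feeding the same function the hash algorithm number 2 (or anything else) raises, which is the behaviour a resolver or signer should have: there is no MD5 variant to fall back to.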
