[dns-operations] suggested DNSKEY type

Phil Pennock dnsop+phil at spodhuis.org
Tue Mar 27 22:17:43 UTC 2018

On 2018-03-27 at 12:22 +0200, A. Schulze wrote:
>  - type 13 / ECDSAP256SHA256
> opinions?

CloudFlare is exclusively type 13.  IMO, CloudFlare is to DNSSEC signing
as Gmail is to email: they handle so many domains that breakage with
them is effectively indistinguishable from the protocols being broken.

That's the rationale upon which I picked 13 for exim.org.

Stick to what the big players use and other people will debug interop
and file bugs and open pull-requests for you.  :)


More information about the dns-operations mailing list