[dns-operations] EdDSA status ?

fujiwara at jprs.co.jp
Thu May 31 15:53:33 UTC 2018


I'm testing the EdDSA DNSKEY algorithm.

If you have any information, please reply.

EdDSA requires OpenSSL 1.1.1  (pre6 or pre7 or git head).
      (openssl 1.1.1 lacks benchmarking of ED25519 and ED448)

Signer:    LDNS (git head, ldns-signzone) supports both ED25519 and ED448.
           BIND 9.12.1 (dnssec-signzone) supports ED25519.
                                         does not support ED448.

Validator: BIND 9.12.1 does not support ED25519 (SERVFAIL!).
           BIND 9 (git head) supports ED25519 validation.
                             does not support ED448 validation (SERVFAIL).
           Unbound 1.7.1 supports both ED25519 and ED448.

           8.8.8.8 does not support ED25519/ED448, but NOERROR (insecure).
           1.1.1.1 and 9.9.9.9 may support ED25519.
                               may not support ED448 (insecure).

Registry and Registrar:
      I found one TLD/registrar that allows algorithm 15 and 16 registration.
           TLD = .ASIA
           Registrar = do-reg.jp  (http://do-reg.jp/)

I signed my private domain name 'fujiwara.asia' with algorithm 15/16 DNSKEY
using openssl-1.1.1-pre* and ldns(head).

Unbound 1.7.1 validates fujiwara.asia.

Configuration of 'fujiwara.asia' may change. (algorithm 15 last week, now 16)

--------------------------------------------------------------------------
h% drill -D fujiwara.asia
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 20448
;; flags: qr rd ra ad ; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 6
;; QUESTION SECTION:
;; fujiwara.asia.       IN      A

;; ANSWER SECTION:
fujiwara.asia.  3578    IN      A       183.181.168.158
fujiwara.asia.  3578    IN      RRSIG   A 16 2 3600 20180629180201 20180530160201 60334 fujiwara.asia. u+d27DcUsaASkzQw3ep3J1qYr26rdiz2c86TehRFAo4QxwkkwD6VOwS4EsYqQniMEPTzMYA+5IIAp6R3Ptc0CnYmIAW56MtCC5caokoDWJ3aSSxOdTYJHHWne3TS+Ie7JYyAVJ2SmQgQTXj1MaXWuxQA

;; AUTHORITY SECTION:
fujiwara.asia.  3578    IN      NS      f.fujiwara.asia.
fujiwara.asia.  3578    IN      NS      h.fujiwara.asia.
fujiwara.asia.  3578    IN      RRSIG   NS 16 2 3600 20180629180201 20180530160201 60334 fujiwara.asia. GJTDTLFzsmJWqMLqxFlolu0cKFAhPdz3vjROwSwG/ArE7e0MQPs0FQyKxUe3obAX+Sn2lepcu6GAG9xLa9vmcNZSfIriaU4sPfbJoOzf5eyGNHAKwV0aFK/9WD0fECNdG44ZEQX63hl5V8s+2ZjR9ikA

;; ADDITIONAL SECTION:
f.fujiwara.asia.        3578    IN      A       124.41.94.54
h.fujiwara.asia.        3578    IN      A       183.181.168.158
h.fujiwara.asia.        3578    IN      AAAA    2001:2e8:602:0:2:1:0:9e
f.fujiwara.asia.        3578    IN      RRSIG   A 16 3 3600 20180629180201 20180530160201 60334 fujiwara.asia. ri8ro2fFu9WImpwnXfq/AsU6YrZcnzUb6kUM1lLKDcs5gnddCr10HhBVthLuIT3EXFKiltx9lfWAbVhSyFgMhxDr4VfSc4k64SyKzLtHW5jdXjR1a9/VZs1N0EUh45c0wosbAlWEkJKJlpaFpsDp5yIA
h.fujiwara.asia.        3578    IN      RRSIG   A 16 3 3600 20180629180201 20180530160201 60334 fujiwara.asia. ly88LU2JomTKAPjHEJktGGNDokBbUaKiJXS67+zs1zE9y/9bYrtlHGSzSEkW2RJ8ue/CEMpbeRWARdS/w8H5/oqYePIR0x42QnedcaimFmpzrMZWMj/FwTjR4f63iuP8Bmx7skiTa0dgNEQfdRTj5AgA
h.fujiwara.asia.        3578    IN      RRSIG   AAAA 16 3 3600 20180629180201 20180530160201 60334 fujiwara.asia. RcuZaG4Lz+v1U/wtzkvRLKf8jC6TCzU1sCQZPIzfVN+ENGl3hEtuKjkWno2BMCbIgLhdw5Z92L8ArBzRSj1iBHjbBx3bbqXIeXIjKvmcGSYtXhoTs7LoRn1dJMbdZZj9DFO4pERPIRB00X3Eg8uOgzoA

;; Query time: 0 msec
;; EDNS: version 0; flags: do ; udp: 4096
;; SERVER: 127.0.0.1
;; WHEN: Fri Jun  1 00:34:23 2018

--
Kazunori Fujiwara, JPRS <fujiwara at jprs.co.jp>
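
Added example, not part of the original post: a Python sketch that sorts a saved drill or dig response into the three resolver outcomes reported above (validated with the AD flag, NOERROR without AD, SERVFAIL) and names the RRSIG algorithms it carries. The sample responses, the example.test zone and the function and constant names are constructed for this illustration.

```python
import re

# DNSSEC algorithm numbers discussed in the post: 15 = ED25519, 16 = ED448
EDDSA = {15: "ED25519", 16: "ED448"}

# drill prints "rcode:", dig prints "status:"; accept both header styles
RCODE_RE = re.compile(r"(?:rcode|status):\s*(\w+)")
FLAGS_RE = re.compile(r"^;;\s*flags:\s*([a-z ]*);", re.M)
# owner, TTL, class, RRSIG, type covered, algorithm number
RRSIG_RE = re.compile(r"^\S+\s+\d+\s+IN\s+RRSIG\s+(\S+)\s+(\d+)\s", re.M)

def classify(output):
    """Classify one resolver response for a zone signed with EdDSA."""
    rcode = RCODE_RE.search(output).group(1)
    flags = FLAGS_RE.search(output).group(1).split()
    algs = sorted({int(alg) for _, alg in RRSIG_RE.findall(output)})
    if rcode == "SERVFAIL":
        # Reported in the post for validators lacking the algorithm.
        # SERVFAIL can have other causes, so confirm with a known-good zone.
        verdict = "servfail"
    elif rcode == "NOERROR" and "ad" in flags:
        verdict = "validated"      # resolver verified the signatures
    elif rcode == "NOERROR":
        verdict = "insecure"       # answered, but did not validate
    else:
        verdict = "other"
    return {"rcode": rcode, "ad": "ad" in flags, "verdict": verdict,
            "algorithms": [EDDSA.get(a, str(a)) for a in algs]}

# Constructed sample responses (signature field is a placeholder, not a real RRSIG)
VALIDATED = """\
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 1
;; flags: qr rd ra ad ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
example.test.  3600  IN  A      192.0.2.1
example.test.  3600  IN  RRSIG  A 16 2 3600 20180629180201 20180530160201 12345 example.test. c2ln
"""
INSECURE = VALIDATED.replace("ra ad ;", "ra ;")
SERVFAIL = """\
;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 3
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""

if __name__ == "__main__":
    for name, text in [("validated", VALIDATED), ("insecure", INSECURE),
                       ("servfail", SERVFAIL)]:
        print(name, classify(text))
```

Feeding it the output of the same query sent to several resolvers gives a quick side-by-side of which ones validate algorithm 15 or 16 and which fall back to insecure or fail.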


