[dns-operations] SHA-1 (algs 5 and 7), planning to switch to something non-deprecated?
Tony Finch
dot at dotat.at
Wed Jan 29 13:52:44 UTC 2020
Looking for algorithm rollovers in the root zone, the most recent is .buy
which also has the distinction of taking a remarkably long time:
2017051000
buy. 86400 IN DS 18204 7 1 ...
buy. 86400 IN DS 18204 7 2 ...
+buy. 86400 IN DS 37087 8 1 ...
+buy. 86400 IN DS 37087 8 2 ...
2019052202
buy. 86400 IN DS 16411 8 2 ...
-buy. 86400 IN DS 18204 7 1 ...
-buy. 86400 IN DS 18204 7 2 ...
-buy. 86400 IN DS 37087 8 1 ...
-buy. 86400 IN DS 37087 8 2 ...
Next most recent were:
2018110601 .ad 7 -> 8
2018103002 .nu 7 -> 13
2018082002 .br 5 -> 13
2018011800 .ke 5 -> 8
I did some sketchy counting of top-level reverse DNS delegations. Columns
are number of delegations (x) digest types, algorithm number, registry.
(All our PI v4 address space is under ARIN's reverse DNS.)
IPv4
1 x 12 8 dns.jp.
6 x 12 8 AFRINIC
10 x 12 5 ARIN
10 x 12 5 LACNIC
15 x unsigned
16 x 12 8 IANA
41 x 2 8 RIPE
50 x 2 13 APNIC
81 x 1 5 ARIN
IPv6
3 x 12 5 LACNIC
3 x 12 8 AFRINIC
8 x unsigned
11 x 1 5 ARIN
12 x 2 13 APNIC
22 x 2 8 RIPE
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Forth, Tyne, Dogger, Fisher, German Bight, Humber: West or southwest 5 to 7,
occasionally gale 8, except in Fisher. Moderate or rough. Occasional rain or
showers. Good, occasionally moderate.
More information about the dns-operations
mailing list