[dns-operations] How widely implemented are different DNSSEC algorithms?

Viktor Dukhovni ietf-dane at dukhovni.org
Fri Sep 11 19:35:12 UTC 2020


On Fri, Sep 11, 2020 at 02:29:49PM -0400, John Levine wrote:

> Are there any published numbers estimating how well the various DNSSEC
> algorithms are supported in DNS caches and client software?

Yes.  See this discussion thread:

    https://github.com/NLnetLabs/unbound/issues/271#issuecomment-664842368
    https://github.com/NLnetLabs/unbound/issues/271#issuecomment-664858924

> Or to put it another way, were I to switch from signing with
> algorithm 8 to 13, how much would I regret it?

Not at all, support for algorithm 13 is basically universal at this
point.  At this point some (domeneshop.no) are boldly forging ahead
with algorithm 15... Algorithm 13 looks like a legacy algorithm to
them ...

See also:

    http://stats.dnssec-tools.org/#parameter

for deployment numbers on the authoritative side.

-- 
    Viktor.


