[nsd-users] Does NSD support ED25519 KSK/ZSK keys?

Vladimir Lomov lomov.vl at yandex.ru
Tue Mar 26 04:21:28 UTC 2019


The current ldns-keygen/ldns-signzone doesn't support ED25519/ED448
KSK/ZSK keys, while dnssec-keygen can generate ED25519 keys. I generated
ED25519 KSK and ZSK keys using dnssec-keygen, published them in the zone
file, checked the zone file (it is OK) and signed the zone with
dnssec-signzone. Though NSD was restarted successfully, I wonder (actually,
I am concerned): does NSD work fine with such keys?

I'm asking because I faced a strange problem with one registrar
(name.com), which supports ED25519/ED448 keys, but their web interface,
while able to retrieve the DNSKEY record from my DNS server, is unable to
register the DS record for my DNS server on their side.

Could it be that NSD can't work with ED25519 and is sending wrong data
to the registrar when it tries to form the DS record?

WBR, Vladimir Lomov

<Knghtbrd> you people are all insane.
<Joey> knight: sure, that's why we work on Debian.
<JHM> Knghtbrd: get in touch with your inner nutcase.
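
One way to check locally which DS record a served DNSKEY should produce, as an added example that is not part of the original post: it derives the SHA-256 DS (RFC 4034 section 5.1.4, digest type 2) from a presentation-format DNSKEY line and enforces the EdDSA public-key lengths from RFC 8080. The owner name and key bytes are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import struct

# Public-key sizes fixed by RFC 8080 for the EdDSA DNSSEC algorithms.
EDDSA_KEY_LEN = {15: 32, 16: 57}  # 15 = ED25519, 16 = ED448


def name_to_wire(name):
    """Canonical wire form of an owner name: lowercase, length-prefixed labels."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def key_tag(rdata):
    """Key tag over the DNSKEY RDATA, per RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_from_dnskey(line):
    """Turn one presentation-format DNSKEY record into its SHA-256 DS record."""
    # Drop the parentheses zone files use to wrap long base64 keys.
    fields = line.replace("(", " ").replace(")", " ").split()
    pos = fields.index("DNSKEY")
    owner = fields[0]
    flags, proto, alg = (int(x) for x in fields[pos + 1:pos + 4])
    key = base64.b64decode("".join(fields[pos + 4:]))
    # A wrong-length EdDSA key means the record was mangled before signing.
    if alg in EDDSA_KEY_LEN and len(key) != EDDSA_KEY_LEN[alg]:
        raise ValueError("algorithm %d key must be %d octets, got %d"
                         % (alg, EDDSA_KEY_LEN[alg], len(key)))
    rdata = struct.pack("!HBB", flags, proto, alg) + key
    # DS digest = SHA-256(canonical owner name | DNSKEY RDATA)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return "%s IN DS %d %d 2 %s" % (owner.lower(), key_tag(rdata), alg, digest)


# Constructed sample: KSK flags 257, algorithm 15, key bytes 0..31 (not a real key).
SAMPLE = ("Example.ORG. 3600 IN DNSKEY 257 3 15 ( "
          + base64.b64encode(bytes(range(32))).decode() + " )")

if __name__ == "__main__":
    print(ds_from_dnskey(SAMPLE))
```

Comparing this output for the DNSKEY the authoritative server actually returns against the DS the registrar expects separates a serving problem from a registrar-side one.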
