dnskey algorithm update

Carl Byington carl at byington.org
Thu Jan 7 20:00:14 UTC 2016

Hash: SHA512

On Thu, 2016-01-07 at 08:34 -0600, Jeremy C. Reed wrote:
> On Wed, 6 Jan 2016, Carl Byington wrote:

> > Is there a more authoritative document that describes the algorithm
> > roll over procedure? It seems that I need to:

> ISC has a DNSSEC Guide. See this section:

> http://users.isc.org/~jreed/dnssec-guide/dnssec-guide.html#advanced-
> discussions-DNSKEY-algorithm-rollovers

> (Also in PDF format at the same directory.)

> We still have some feedback to integrate into the guide, but if anyone
> would like to participate, also see the GitHub site:
> https://github.com/isc-projects/isc-dnssec-guide

Based on RIPE experience at https://labs.ripe.net/Members/anandb/dnssec-
algorithm-roll-over, where Unbound and Verisign make assumptions about
the DS record set, we need to ensure that:

adding an algorithm - you need to generate both KSK and ZSKs for the new
algorithm, publish them in the DNSKEY rrset, and sign the zone with
them. Then wait one TTL cycle before updating the DS records in the

removing an algorithm - you need to remove the old algorithm DS records
from the parent, then wait one TTL cycle before removing the old KSK and
ZSKs using that algorithm, and resigning the zone using only the new

Also, based on https://tools.ietf.org/html/rfc6781#page-31, it seems we
need to be able to sign the zone with a key that is not published in the
DNSKEY rrset. Consider the case of adding a ZSK with the new algorithm,
where we publish that ZSK in the DNSKEY rrset and resign the zone using
both old and new ZSKs. A resolver might have an old cached MX rrset only
signed with the old algorithm; and then retrieve the new DNSKEY rrset
which mentions both algorithms.

RFC6781 implies that this will break validation. Is that correct? If so,
I don't see any way to get dnssec-signzone to do this using -S smart
signing based on the timers in the K*{key,private} files.

Version: GnuPG v2.0.14 (GNU/Linux)


More information about the bind-users mailing list