rndc valid key types

Evan Hunt each at isc.org
Wed Jul 8 00:06:47 UTC 2020

On Tue, Jul 07, 2020 at 04:32:37PM -0700, Gregory Sloop wrote:
> I've seen reports that only HMAC-MD5 is the only valid key type.

That was the case at one time, but hasn't been for years.

> Is there any (security) reason/implications to use something "better"
> than MD5?

MD5 is broken (as is SHA1). In this specific context, a forged rndc message
is probably impracticable on any reasonable time scale, and I wouldn't fear
for security if I were using them.  *But*, they're broken, and crypto
people don't like keeping broken things around, so I wouldn't count on them
being supported forever. We've already removed MD5 support in the context
of DNSSEC keys; TSIG could come next.

So, if you want to generate a key and not have to worry about generating
another one in a year or two, I would advise against MD5 or SHA1.

> Is there any reason not to select the strongest - HMAC-SHA512?

No, go ahead. I tend to use sha256, just because it's the default
from rndc-confgen.

Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.

More information about the bind-users mailing list