DNSSEC upgrade

Edwardo Garcia wdgarc88 at gmail.com
Fri Apr 30 01:05:38 UTC 2021

Halo Tony,
Thank you, wow ecdsa-p256-sha256 produce keys 1/10th the size of rsa,
strange how this better but we have made change as
from your howto, thank you, now 24 hour and all seems ok from what we tell,
and the test site says all good.

One question however it talk about longest TTL, does this mean also root
TLD zones (.com, .net) which from memory are 48 hours, so before we delete
old keys we need wait 48 hours, even though our zone TTL was 24 ?

Thank you, wow much much easy than I hoped for :-)

On Wed, Apr 28, 2021 at 12:08 PM Tony Finch <dot at dotat.at> wrote:

> Edwardo Garcia <wdgarc88 at gmail.com> wrote:
> >
> > Many year ago we set up DNSSEC, our key were generated with sha1 as was
> > recommended way back all them years. We too are not DNSSEC guru, so some
> > answer may be simple
> Well, you are going to do an algorithm rollover, which is one of the more
> tricky things you can do with DNSSEC. So, plan to do some testing, a trial
> run, with a spare zone that you can break without worrying.
> If you like to understand things by getting an idea of the wider context
> then there are a couple of RFCs on the general subject of key rollovers.
> The parts that are most relevant are the algorithm rollover section in RFC
> 6781 and the double-KSK section in RFC 7583.
> https://tools.ietf.org/html/rfc6781
> https://tools.ietf.org/html/rfc7583
> DNSSEC has got easier since those RFCs were written, so you might as well
> just skip to the howto bits below :-) It turns out, I wrote most of this
> reply over a year ago...
> > Also we use ZSK -b 1024 and KSK -b 4096
> > even modern google from apnic show example  ZSK of only 1024? is this
> still
> > secure?
> The current recommendation for DNSSEC algorithms is:
>   * you already know you want to choose something based on sha256 - it's
>     secure enough, so there's no need for bigger hashes
>   * ecdsa-p256-sha256 (13) is the best choice, because it is widely
>     supported and produces small signatures
>   * if you must use RSA, use 2048 bit keys for both zsk and ksk. 1024 bits
>     is not secure; 2048 has a roughly comparable security level to sha256
>     (112ish bits vs 128 bits); 4096 is big and slow and probably not worth
>     the cost
>   * I would like to be able to deploy ed25519 (a better elliptic curve
>     than p256) but it is not yet supported well enough
> > Is best practise for doing this, replacing the keys completely, more or
> > less like start fresh again?
> >
> > We do use inline signing and automatic maintain.
> I did a wholesale algorithm rollover from RSASHA1 to p256 around the end
> of 2019 and I wrote an algorithm rollover guide for colleagues in other
> parts of our university who run their own DNS. It's basically three steps
> with lots of waiting in between:
> https://www.dns.cam.ac.uk/news/2020-01-15-rollover.html
> The "Semi-automated DS updates" section probably isn't relevant to you,
> and the "Future" section has been made obsolete by dnssec-policy. But the
> rest of it should guide you through the essentials.
> (Also, the RIPE NCC does now support CDS records.)
> And use these DNS checking services to verify that it is working as
> expected:
> https://dnsviz.net/
> https://zonemaster.net/
> Tony.
> --
> f.anthony.n.finch  <dot at dotat.at>  https://dotat.at/
> Rattray Head to Berwick upon Tweed: North or northeast 4 or 5,
> occasionally 3 later. Slight or moderate. Showers. Good.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210430/fb33d60c/attachment.htm>

More information about the bind-users mailing list