Displaying 3 results from an estimated 3 matches for "ecdsap256sha256".
2019 Feb 13
3
DNSSEC Questions
On 2/12/19 10:55 PM, Alice Wonder wrote:
> DNSSEC keys do not expire. Signatures do expire. How long a signature
> is good for depends upon the software generating the signature, some
> let you specify. ldns I believe defaults to 60 days but I am not sure.
>
> The keys are in DNSKEY records that are signed by your Key Signing
> Key and must be re-signed before the signature
2019 Feb 13
0
DNSSEC Questions
...Signing Key.
I see you are using algorithm 7 - I would recommend switching to either
algorithm 13 or at least to 8.
Algorithm 7 uses a SHA1 hash.
See https://tools.ietf.org/html/draft-ietf-dnsop-algorithm-update-04
That's a draft but soon will be an update to the standard.
Algorithm 13 (ECDSAP256SHA256) results in much smaller keys and
signatures and is equivalent to about RSA-3072 in strength, and it uses
a SHA-256 hash.
However, note that changing algorithms will result in validation failure
for a few days unless done carefully.
>
> If I do not have to generate the keys every time the...
2023 Jul 21
3
can't start bind9 after dc upgrade 4.17 > 4.18
...adjusted limit on open files from 524288 to 1048576
Jul 21 23:49:14 dc-cloud named[637]: found 4 CPUs, using 4 worker threads
Jul 21 23:49:14 dc-cloud named[637]: using 4 UDP listeners per interface
Jul 21 23:49:14 dc-cloud named[637]: DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
Jul 21 23:49:14 dc-cloud named[637]: DS algorithms: SHA-1 SHA-256 SHA-384
Jul 21 23:49:14 dc-cloud named[637]: HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
Jul 21 23:49:14 dc-cloud named[637]: TKEY mode 2 support (Diffie-Hellma...