Can I reasonably use SHA-256 in a DNSSEC deployment?

I know that RFC 5702 documents the use of SHA-2 in DNSSEC, and that RFC 6944 defines RSA/SHA-256 as "recommended to implement." What I'm not aware of is just how widely implemented SHA-256 is in validating resolvers.

Is it practical to sign Internet zones (those I'm particularly interested in are .org domains) with SHA-256, or am I making my zone unverifiable to large swathes of the DNSSEC-aware Internet?

As a follow-up, can key schedules change with a hash change to keep the same level of security (e.g. can I work around using SHA-1 by having shorter key schedules)?


The root zone (aka .) itself is signed with RSA/SHA256 (both the KSK and the ZSK are RSA/SHA256).

Thus, a validating resolver that does not support RSA/SHA256 will be mostly useless on the Internet as it wouldn't be able to validate the full chain.

I think it's safe for you to assume that RSA/SHA256 is supported.

http://dnsviz.net/d/org/dnssec/ may provide a useful visualization of the keys in use up to the org zone.
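To make the answer's point concrete, here is an added example (not code from the answerer) that parses DNSKEY records, computes their key tags per RFC 4034, and walks a root-to-leaf chain to show where a validator lacking algorithm 8 (RSA/SHA256) stops. The chain and key material are constructed; the zone names are placeholders.

```python
"""Model which DNSSEC algorithms a validator must support to walk a chain.

Constructed example, not part of the original post. The DNSKEY records below
are made up (tiny fake key material); only the algorithm numbers matter.
"""
import base64

# IANA DNSSEC algorithm numbers (RFC 5702 adds 8 and 10).
ALGORITHMS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256",
              10: "RSASHA512", 13: "ECDSAP256SHA256"}

def parse_dnskey(presentation):
    """Parse 'flags protocol algorithm base64key' into (flags, proto, alg, key)."""
    flags, proto, alg, *key = presentation.split()
    return int(flags), int(proto), int(alg), base64.b64decode("".join(key))

def key_tag(flags, proto, alg, key):
    """Key tag per RFC 4034 Appendix B, computed over the DNSKEY RDATA."""
    rdata = flags.to_bytes(2, "big") + bytes([proto, alg]) + key
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def chain_status(chain, supported):
    """Return ('secure', None) or ('insecure', zone) where the walk stops.

    chain: list of (zone, [DNSKEY presentation strings]) from the root down.
    A zone whose keys use no supported algorithm cannot be verified; per
    RFC 4035 section 5.2 the validator then treats that zone (and everything
    below it) as unsigned rather than bogus, so the result is 'insecure'.
    """
    for zone, records in chain:
        algs = {parse_dnskey(r)[2] for r in records}
        if not algs & supported:
            return "insecure", zone
    return "secure", None

# Constructed chain: root and .org use RSA/SHA256 (algorithm 8) as the
# answer states; the leaf is imagined as still RSA/SHA1 (algorithm 7).
CHAIN = [
    (".",            ["257 3 8 AQIDBA=="]),
    ("org.",         ["257 3 8 BQYHCA==", "256 3 8 CQoLDA=="]),
    ("example.org.", ["256 3 7 DQ4PEA=="]),
]

if __name__ == "__main__":
    print(chain_status(CHAIN, {5, 7}))                 # ('insecure', '.')
    print(chain_status(CHAIN, {5, 7, 8}))              # ('secure', None)
    print(key_tag(*parse_dnskey("257 3 8 AQIDBA==")))  # 2063
```

A validator that cannot handle algorithm 8 never gets past the root trust anchor, so every zone beneath it is treated as unsigned, which is what "mostly useless" means in practice.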