Project

General

Profile

Actions

Task #5813

closed

Research whether DNSSEC with NSEC5 is interesting for us

Added by Nico Schottelius over 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Low
Assignee:
Target version:
-
Start date:
10/11/2018
Due date:
01/18/2019
% Done:

0%

Estimated time:
PM Check date:
01/28/2019

Description

  • dnssec-old led to zone walking
  • dnssec with nsec3 requires online signing -> private key on dns servers
  • dnssec with nsec5 sounds promising, but we need to investigate whether
    • bind9 on our servers properly supports it
    • there are no other attacks against nsec5
    • nsec5 is actually usable within .ch domain
Actions

Also available in: Atom PDF