Ed25519 DNSSEC support?


#1

The Nitty Gritty page says:

1.1.1.1 supports all signature algorithms including the newer DS-13, DS-14, DS-15, and DS-16.

As far as I can tell, algorithm 15 (Ed25519) isn’t actually supported?

$ dig @1.1.1.1 +dnssec ed25519.nl

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @1.1.1.1 +dnssec ed25519.nl
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38714
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1536
;; QUESTION SECTION:
;ed25519.nl.                        IN      A

;; ANSWER SECTION:
ed25519.nl.         2699    IN      A       77.72.150.82

;; Query time: 1 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Apr 01 19:03:33 UTC 2018
;; MSG SIZE  rcvd: 55

$ dig @1.1.1.1 +dnssec ed25519.mattnordhoff.life

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @1.1.1.1 +dnssec ed25519.mattnordhoff.life
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9455
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1536
;; QUESTION SECTION:
;ed25519.mattnordhoff.life. IN      A

;; ANSWER SECTION:
ed25519.mattnordhoff.life. 2656     IN      A       127.0.0.1
ed25519.mattnordhoff.life. 2656     IN      RRSIG   A 15 3 3600 20180412000000 20180322000000 32260 ed25519.mattnordhoff.life. OS/bzm96A1zy2bX6w35FbTdt3rFDHvr+EMTdiMPAeGAfxfTSa3aIPIqY KP6bYW3dxm87v8HpdLw70vNOgfbrAw==

;; Query time: 0 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Apr 01 19:03:57 UTC 2018
;; MSG SIZE  rcvd: 191

I don’t know of any zones that use 16 (Ed448) so I haven’t checked that.

Edit: I found an algorithm 16 thing.

$ dig @1.1.1.1 +dnssec secure.d4a16n3.rootcanary.net

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @1.1.1.1 +dnssec secure.d4a16n3.rootcanary.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39154
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1536
;; QUESTION SECTION:
;secure.d4a16n3.rootcanary.net.     IN      A

;; ANSWER SECTION:
secure.d4a16n3.rootcanary.net. 60 IN        A       145.97.20.17
secure.d4a16n3.rootcanary.net. 60 IN        RRSIG   A 16 4 60 20180405063720 20180326063720 40569 d4a16n3.rootcanary.net. EIBkhXzkHL9ENjlRemeKluHN3WgL+laFZCvoE8Oq7djIDSk8fOuW7elf LGo4bl30ZZdgXj6+4tQAPfYVFf9r4iUcpXJco2sO9FJiXxodhv7NF49r MIIT3bjmCbYMeX9IfEsgMkSqhC+yJH+sQl+1axMA

;; Query time: 643 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Apr 01 20:41:58 UTC 2018
;; MSG SIZE  rcvd: 242

Edit: There’s also the question of why RRSIG records are sometimes suppressed.


#2

@mnordhoff ah, you’re right. 15 and 16 are not supported; 15 is going to be supported soon. I’ve updated the docs and will update the ticket here when support for 15 lands. The signatures are stripped when the resolver goes to insecure mode earlier (due to 15 or 16 not being supported).


#3

Great! Thank you. :smile:

You’ll be the only public DNS provider with Ed25519 support, that I know of.

(One supported it on some of their nodes, briefly, but seemingly disabled it later.)

(I don’t personally care about Ed448. :sweat_smile:)

It only strips them some of the time, though. Well, DNSSEC is nightmarishly complicated.

Edit:

Stripping signatures makes me extremely uncomfortable because pointing a validating forwarder at it would cause the zones to go bogus.

It’s academic for me, though. My validating forwarders don’t support algorithms 15 or 16 anyway, so they probably won’t care.


#4

You should get AD=0 in the response in insecure validation state. In that case RRSIGs are meaningless anyway.


#5

True, but a client can try to do its own validation regardless of the upstream’s AD bits, and it will get upset if it wants to use the RRSIGs and they’re missing.


#6

Ed25519 (DS-15) is now supported:

$ kdig @1.1.1.1 ed25519.nl +dnssec
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 64317
;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 1536 B; ext-rcode: NOERROR

;; QUESTION SECTION:
;; ed25519.nl.         		IN	A

;; ANSWER SECTION:
ed25519.nl.         	3600	IN	RRSIG	A 15 2 3600 20180412000000 20180322000000 27662 ed25519.nl. WeN/EUsHxr0hYhIo4d0r/gYTvZ91PvFO9NCd2sBLATgokOIPa4SYiGAR6a6izKOn++SE8TpOULvmcbwdlj7uBg==
ed25519.nl.         	3600	IN	A	77.72.150.82

;; Received 161 B
;; Time 2018-04-04 09:27:30 PDT
;; From 1.1.1.1@53(UDP) in 35.0 ms
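
The three resolver behaviours seen in this thread (RRSIGs stripped because the resolver fell back to insecure mode, RRSIGs passed through with AD=0 so the client must validate itself, and RRSIGs returned with AD=1) can be told apart mechanically from dig or kdig output. The following is an added example, not code from Cloudflare or from any poster: it parses the header flags and the answer-section RRSIG records, then classifies the capture for a given algorithm number. The three captures embedded in it are abridged, constructed versions of the outputs posted above (signatures truncated, most sections dropped); the function and class names are this example's own. Pipe real `dig @1.1.1.1 +dnssec <name>` output into `classify_text` to check a resolver yourself.

```python
"""Classify a resolver's DNSSEC handling of a zone from dig/kdig output.

Added example for this thread (not Cloudflare's or any poster's code).
The captures below are abridged, constructed versions of the outputs
posted in the thread: only the header, flags and answer section are kept
and the signature data is truncated.
"""
import re
import sys
from dataclasses import dataclass, field

# IANA DNSSEC algorithm numbers for the algorithms discussed in the thread.
ALGORITHM_NAMES = {13: "ECDSAP256SHA256", 14: "ECDSAP384SHA384",
                   15: "ED25519", 16: "ED448"}


@dataclass
class DnsCapture:
    status: str = ""
    flags: set = field(default_factory=set)
    answer_rrsig_algs: set = field(default_factory=set)  # algorithms of answer RRSIGs
    answer_data_rrs: int = 0                               # non-RRSIG answer records

    @property
    def ad(self) -> bool:
        """True when the resolver set the Authenticated Data flag."""
        return "ad" in self.flags


def parse_capture(text: str) -> DnsCapture:
    """Parse dig (comma-separated header) or kdig (semicolon-separated) output."""
    cap = DnsCapture()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^;;\s*->>HEADER<<-.*status:\s*(\w+)", line)
        if m:
            cap.status = m.group(1)
            continue
        m = re.match(r"^;;\s*[Ff]lags:\s*([^;]*);", line)
        if m:
            cap.flags = set(m.group(1).split())
            continue
        m = re.match(r"^;;\s*(\w+) SECTION:", line)
        if m:
            section = m.group(1)      # QUESTION, ANSWER, AUTHORITY, ADDITIONAL
            continue
        if section != "ANSWER" or not line or line.startswith(";"):
            continue
        fields = line.split()         # name ttl class type rdata... (tabs or spaces)
        if len(fields) < 4 or fields[2] != "IN":
            continue
        if fields[3] == "RRSIG":
            # RRSIG rdata: type_covered algorithm labels orig_ttl expiry inception keytag signer sig
            cap.answer_rrsig_algs.add(int(fields[5]))
        else:
            cap.answer_data_rrs += 1
    return cap


def classify(cap: DnsCapture, algorithm: int) -> str:
    """Return one of: validated, unvalidated, signatures-stripped, other-algorithm, error:<status>."""
    if cap.status != "NOERROR":
        return "error:" + cap.status
    if cap.ad and algorithm in cap.answer_rrsig_algs:
        return "validated"            # resolver validated with this algorithm and set AD
    if not cap.answer_rrsig_algs and cap.answer_data_rrs:
        return "signatures-stripped"  # resolver went insecure and dropped the RRSIGs
    if algorithm in cap.answer_rrsig_algs:
        return "unvalidated"          # RRSIGs forwarded but AD=0: client must validate itself
    return "other-algorithm"


def classify_text(text: str, algorithm: int = 15) -> str:
    return classify(parse_capture(text), algorithm)


# Constructed, abridged captures modelled on the thread's posts.
CAPTURE_STRIPPED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38714
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;ed25519.nl.                        IN      A
;; ANSWER SECTION:
ed25519.nl.         2699    IN      A       77.72.150.82
"""
CAPTURE_UNVALIDATED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9455
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
ed25519.mattnordhoff.life. 2656     IN      A       127.0.0.1
ed25519.mattnordhoff.life. 2656     IN      RRSIG   A 15 3 3600 20180412000000 20180322000000 32260 ed25519.mattnordhoff.life. OS/bzm96...
"""
CAPTURE_VALIDATED = """\
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 64317
;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 1
;; ANSWER SECTION:
ed25519.nl.             3600    IN      RRSIG   A 15 2 3600 20180412000000 20180322000000 27662 ed25519.nl. WeN/EUsH...
ed25519.nl.             3600    IN      A       77.72.150.82
"""

if __name__ == "__main__":
    # With stdin: classify a real capture. Without: show the three thread cases.
    if not sys.stdin.isatty():
        print(classify_text(sys.stdin.read()))
    else:
        for name, cap in [("stripped", CAPTURE_STRIPPED), ("unvalidated", CAPTURE_UNVALIDATED),
                          ("validated", CAPTURE_VALIDATED)]:
            print(f"{name:12s} -> {classify_text(cap, 15)}")
```

The distinction matters for the point raised in posts #4 and #5: a stub that only honours the AD bit is content with either of the first two states, but a validating forwarder behind this resolver needs the RRSIGs themselves, so "signatures-stripped" is the case that turns a zone bogus downstream.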

#7

Yay! :smile: Thank you!

Only public recursive DNS server with Ed25519 support?

#Extreme DNSSEC crypto nerd


#8

Awesome!


#9

Not the first one, since Unbound has supported it for quite some time (on any system with OpenSSL 1.1 or LibreSSL 2.7). But very cool no matter what. Short and fast signatures are a big win.


#10

Yeah. I think every recursor supports it now – if you have a new enough version and the right crypto libraries – but I’ve hardly seen anyone actually deploy it.


#11

@mvavrusa By the way, the docs still say Ed25519 isn’t supported. They need to be updated a second time. :sweat:


#12

Thanks! Just updated the docs.