EURID supposedly requiring different Digest type for DNSSEC

I’m trying to configure DNSSEC for a .eu domain hosted at CloudFlare.

I’ve submitted the DNSSEC data as presented in CF panel to my registrar and got back information that EURID (.eu registry manager) requires the digest type to be of type 3 - not 2 like the CF presents.

This is confusing because I can’t find any information about digest type 3 in any of DNSSEC’s RFCs.

Is it possible for CloudFlare to configure DNSSEC data using said digest type?

But Cloudflare doesn’t use it. Not all registrars are compatible with Cloudflare DNSSEC.

Thanks for the link @sdayman. Pity there’s no uniform document describing whole DNSSEC standard.

After a little bit of experimenting and configuring DNSSEC for another domain and another registrar, I’m wondering if this is a misnomer and if it isn’t “protocol” and not “digest type”.

Even domain does use digest type 2, as can be seen at
It does use protocol type 3, as can be seen at whois:

        flags:KSK protocol:3 algorithm:RSA_SHA256 pubKey:AwEA...

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.