Implement support for DNSSEC algorithms ED25519 and ED448 #819
Comments
ruifung
changed the title
ruifung
changed the title
|
Thanks for the post. These algorithms are planned but not available as they are not yet supported by .NET runtime since the algorithms are not natively available on some OS. |
|
Of course it's microsoft. And it's been open since 2015 ffs. |
|
hello I think this is really a highly critical issue and I understand this is more of upstream rather than technitium... at the moment my nginx OCSP validation for my Let's encrypt certificate is not working with DNSSEC enabled for the following domain |
Thanks for the feedback. This is not related to this current issue. The domain
You need to use the DNS Client tool on the DNS admin panel to check why the domain "e5.o.lencr.org" is not resolving. The output will give you clues and if there are any errors then check the DNS logs from admin panel to know what went wrong. |
This was bought up during a discussion on the IPv6 discord server. It was bought up that apparently Technitium is lacking as a validating recursive resolver due to cryptographic algorithm support, so I looked into it and decided to file a issue here.
Technitium DNS appears to be lacking support for the newer DNSKEY algorithms. Specifically, ed25519 and ed448 which of which the former is recommended for signing support and the latter is recommended for validation support, as per RFC8624, section 3.1
References:
https://ed25519.no/
https://datatracker.ietf.org/doc/html/rfc8624#section-3.1
The text was updated successfully, but these errors were encountered: