DnsServer icon indicating copy to clipboard operation
DnsServer copied to clipboard

Published 20 hours ago verified publisher icon TechnitiumSoftware

Implement support for DNSSEC algorithms ED25519 and ED448

Open ruifung opened this issue 7 months ago • 2 comments

This was bought up during a discussion on the IPv6 discord server. It was bought up that apparently Technitium is lacking as a validating recursive resolver due to cryptographic algorithm support, so I looked into it and decided to file a issue here.

Technitium DNS appears to be lacking support for the newer DNSKEY algorithms. Specifically, ed25519 and ed448 which of which the former is recommended for signing support and the latter is recommended for validation support, as per RFC8624, section 3.1

References: https://ed25519.no/ https://datatracker.ietf.org/doc/html/rfc8624#section-3.1

ruifung avatar Jan 02 '24 11:01 ruifung

Thanks for the post. These algorithms are planned but not available as they are not yet supported by .NET runtime since the algorithms are not natively available on some OS.

ShreyasZare avatar Jan 02 '24 11:01 ShreyasZare

Of course it's microsoft. And it's been open since 2015 ffs.

ruifung avatar Jan 02 '24 12:01 ruifung