ed25519.nl

ed25519 for DNSSEC

Ed25519 is a public-key signature system invented by Bernstein et al. that is standardized for use in internet protocols as RFC 8032. In RFC 8080, ed25519 (and ed448) were standardized for use in DNSSEC in February 2017.

This domainname, is DNSSEC signed with this algorithm.

Why use ed25519 for DNSSEC signatures?

ed25519, as an elliptic curve cryptography(ECC) signature algorithm, offers high security signatures in a small signature size. A 256 bit ECC key has similar security properties to 3072 bit RSA signatures (see table 3, page 53 of NIST SP 800-57).

As an example, an ed25519 signature is 64 bytes long, compared to 256 bytes for an RSA 2048 signature. These smaller signatures ensure that DNS amplification attacks are less severe than before, without sacrificing the security of DNSSEC.

So what about EcDSA (also standardized for use in DNSSEC)? EcDSA requires random data when signing, this can lead to leaking the private key when bad random data is used. Deterministic EcDSA does exists, alleviating the need for this. ed25519, however, only requires random data when generating the private key.

DNS software supporting ed25519

This is an incomplete list of DNS tools and servers that support or will support ed25519:

• BIND 9 (unreleased) has support based on the upcoming OpenSSL 1.1.1
• dnsmasq (since 2.79), a small DHCP server and DNS forwarder supports ed25519 using libnettle
• Knot DNS (since 2.6.0) supports ed25519 using GnuTLS 3.6.0
• Unbound (since 1.6.4) supports ed25519 via the unreleased OpenSSL 1.1.1 and since version 1.6.6 via libnettle
• PowerDNS Authoritative Server (since 4.0.0) has support for signing with ed25519 using libsodium
• PowerDNS Recursor (since 4.0.5) has support for validating ed25519 using libsodium
• The DNSSEC Debugger from Verisign Labs.
• SIDN, the Dutch registry supports adding DS records for ed25519 keys since October 24th 2017
• TransIP, the Dutch registrar supports adding DS records for ed25519 keys in their control panel since October 24th 2017
• 1.1.1.1, the anycast public DNS resolver from Cloudflare and APNIC is based on Knot and also supports validating ed25519
• systemd-resolved, the resolver/forwarder in systemd. A Pull Request has been merged and is part of release 236.
• Google Public DNS added ed25519 validation late august 2018.
• Zonemaster, a zone-checking tool by AFNIC and IIS
• OpenDNSSEC, a zone-signing tool, added support in 2.1.7 (October 2020).
• DNSViz, everybody's favorite DNSSEC debugging tool.

DNS software not supporting ed25519