Domain Name System Security (DNSSEC) Algorithm Numbers
- Created
- 2003-11-03
- Last Updated
- 2024-12-05
Registries included below
- DNS Security Algorithm Numbers
- DNS KEY Record Diffie-Hellman Prime Lengths
- DNS KEY Record Diffie-Hellman Well-Known Prime/Generator Pairs
DNS Security Algorithm Numbers
- Registration Procedure(s)
- RFC Required
- Reference
- [RFC4034][RFC3755][RFC6014][RFC6944]
- Note
- The KEY, SIG, DNSKEY, RRSIG, DS, and CERT RRs use an 8-bit number to identify the security algorithm being used. All algorithm numbers in this registry may be used in CERT RRs. Zone signing (DNSSEC) and transaction security mechanisms (SIG(0) and TSIG) make use of particular subsets of these algorithms. Only algorithms usable for zone signing may appear in DNSKEY, RRSIG, and DS RRs. Only those usable for SIG(0) and TSIG may appear in SIG and KEY RRs.

* There has been no determination of standardization of the use of this algorithm with Transaction Security.
Number | Description | Mnemonic | Zone Signing | Trans. Sec. | Reference |
---|---|---|---|---|---|
0 | Delete DS | DELETE | N | N | [RFC4034][proposed standard][RFC4398][proposed standard][RFC8078][proposed standard] |
1 | RSA/MD5 (DEPRECATED, see 5) | RSAMD5 | N | Y | [RFC3110][proposed standard][RFC4034][proposed standard] |
2 | Diffie-Hellman | DH | N | Y | [RFC2539][proposed standard] |
3 | DSA/SHA1 | DSA | Y | Y | [RFC3755][proposed standard][RFC2536][proposed standard][Federal Information Processing Standards Publication (FIPS PUB) 186, Digital Signature Standard, 18 May 1994.][Federal Information Processing Standards Publication (FIPS PUB) 180-1, Secure Hash Standard, 17 April 1995. (Supersedes FIPS PUB 180 dated 11 May 1993.)] |
4 | Reserved | | | | [RFC6725][proposed standard] |
5 | RSA/SHA-1 | RSASHA1 | Y | Y | [RFC3110][proposed standard][RFC4034][proposed standard] |
6 | DSA-NSEC3-SHA1 | DSA-NSEC3-SHA1 | Y | Y | [RFC5155][proposed standard] |
7 | RSASHA1-NSEC3-SHA1 | RSASHA1-NSEC3-SHA1 | Y | Y | [RFC5155][proposed standard] |
8 | RSA/SHA-256 | RSASHA256 | Y | * | [RFC5702][proposed standard] |
9 | Reserved | | | | [RFC6725][proposed standard] |
10 | RSA/SHA-512 | RSASHA512 | Y | * | [RFC5702][proposed standard] |
11 | Reserved | | | | [RFC6725][proposed standard] |
12 | GOST R 34.10-2001 (DEPRECATED) | ECC-GOST | Y | * | [RFC5933][proposed standard][Change the status of GOST Signature Algorithms in DNSSEC in the IETF stream to Historic] |
13 | ECDSA Curve P-256 with SHA-256 | ECDSAP256SHA256 | Y | * | [RFC6605][proposed standard] |
14 | ECDSA Curve P-384 with SHA-384 | ECDSAP384SHA384 | Y | * | [RFC6605][proposed standard] |
15 | Ed25519 | ED25519 | Y | * | [RFC8080][proposed standard] |
16 | Ed448 | ED448 | Y | * | [RFC8080][proposed standard] |
17 | SM2 signing algorithm with SM3 hashing algorithm | SM2SM3 | Y | * | [RFC9563][informational] |
18-22 | Unassigned | | | | |
23 | GOST R 34.10-2012 | ECC-GOST12 | Y | * | [RFC9558][informational] |
24-122 | Unassigned | | | | |
123-251 | Reserved | | | | [RFC4034][proposed standard][RFC6014][proposed standard] |
252 | Reserved for Indirect Keys | INDIRECT | N | N | [RFC4034][proposed standard] |
253 | private algorithm | PRIVATEDNS | Y | Y | [RFC4034][proposed standard] |
254 | private algorithm OID | PRIVATEOID | Y | Y | [RFC4034][proposed standard] |
255 | Reserved | | | | [RFC4034][proposed standard] |
DNS KEY Record Diffie-Hellman Prime Lengths
- Registration Procedure(s)
- IETF Review
- Reference
- [RFC2539]
Value | Description | Reference |
---|---|---|
0 | Unassigned | |
1 | index into well-known table | [RFC2539] |
2 | index into well-known table | [RFC2539] |
3-15 | Unassigned | |
DNS KEY Record Diffie-Hellman Well-Known Prime/Generator Pairs
- Reference
- [RFC2539]
Range | Registration Procedures |
---|---|
0x0000-0x07ff | Standards Action |
0x0800-0xbfff | RFC Required |

Value | Description | Reference |
---|---|---|
0x0000 | Unassigned | |
0x0001 | Well-Known Group 1: A 768 bit prime | [RFC2539] |
0x0002 | Well-Known Group 2: A 1024 bit prime | [RFC2539] |
0x0003-0xbfff | Unassigned | |
0xc000-0xffff | Private Use | [RFC2539] |