Domain Name System Security (DNSSEC) Algorithm Numbers
Created
2003-11-03
Last Updated
2017-03-10
Available Formats
[IMG]
XML [IMG]
HTML [IMG]
Plain text
Registries included below
* DNS Security Algorithm Numbers
* DNS KEY Record Diffie-Hellman Prime Lengths
* DNS KEY Record Diffie-Hellman Well-Known Prime/Generator Pairs
DNS Security Algorithm Numbers
Registration Procedure(s)
RFC Required
Reference
[RFC4034][RFC3755][RFC6014][RFC6944]
Note
The KEY, SIG, DNSKEY, RRSIG, DS, and CERT RRs use an 8-bit number used
to identify the security algorithm being used.
All algorithm numbers in this registry may be used in CERT RRs. Zone
signing (DNSSEC) and transaction security mechanisms (SIG(0) and TSIG)
make use of particular subsets of these algorithms. Only algorithms
usable for zone signing may appear in DNSKEY, RRSIG, and DS RRs.
Only those usable for SIG(0) and TSIG may appear in SIG and KEY RRs.
* There has been no determination of standardization of the use of this
algorithm with Transaction Security.
Available Formats
[IMG]
CSV
Number Description Mnemonic Zone Trans. Reference
Signing Sec.
0 Delete DS DELETE N N [RFC4034][RFC4398][RFC8078]
1 RSA/MD5 (deprecated, see 5) RSAMD5 N Y [RFC3110][RFC4034]
2 Diffie-Hellman DH N Y [RFC2539][proposed standard]
[RFC3755][proposed standard][RFC2536][proposed standard][Federal
Information Processing Standards Publication (FIPS PUB) 186, Digital
3 DSA/SHA1 DSA Y Y Signature Standard, 18 May 1994.][Federal Information Processing
Standards Publication (FIPS PUB) 180-1, Secure Hash Standard, 17 April
1995. (Supersedes FIPS PUB 180 dated 11 May 1993.)]
4 Reserved [RFC6725]
5 RSA/SHA-1 RSASHA1 Y Y [RFC3110][RFC4034]
6 DSA-NSEC3-SHA1 DSA-NSEC3-SHA1 Y Y [RFC5155][proposed standard]
7 RSASHA1-NSEC3-SHA1 RSASHA1-NSEC3-SHA1 Y Y [RFC5155][proposed standard]
8 RSA/SHA-256 RSASHA256 Y * [RFC5702][proposed standard]
9 Reserved [RFC6725]
10 RSA/SHA-512 RSASHA512 Y * [RFC5702][proposed standard]
11 Reserved [RFC6725]
12 GOST R 34.10-2001 ECC-GOST Y * [RFC5933][standards track]
13 ECDSA Curve P-256 with SHA-256 ECDSAP256SHA256 Y * [RFC6605][standards track]
14 ECDSA Curve P-384 with SHA-384 ECDSAP384SHA384 Y * [RFC6605][standards track]
15 Ed25519 ED25519 Y * [RFC8080][standards track]
16 Ed448 ED448 Y * [RFC8080][standards track]
17-122 Unassigned
123-251 Reserved [RFC4034][RFC6014]
252 Reserved for Indirect Keys INDIRECT N N [RFC4034][proposed standard]
253 private algorithm PRIVATEDNS Y Y [RFC4034]
254 private algorithm OID PRIVATEOID Y Y [RFC4034]
255 Reserved [RFC4034][proposed standard]
DNS KEY Record Diffie-Hellman Prime Lengths
Registration Procedure(s)
IETF Review
Reference
[RFC2539]
Available Formats
[IMG]
CSV
Value Description Reference
0 Unassigned
1 index into well-known table [RFC2539]
2 index into well-known table [RFC2539]
3-15 Unassigned
DNS KEY Record Diffie-Hellman Well-Known Prime/Generator Pairs
Reference
[RFC2539]
Available Formats
[IMG]
CSV
Range Registration Procedures
0x0000-0x07ff Standards Action
0x0800-0xbfff RFC Required
Value Description Reference
0x0000 Unassigned
0x0001 Well-Known Group 1: A 768 bit prime [RFC2539]
0x0002 Well-Known Group 2: A 1024 bit prime [RFC2539]
0x0003-0xbfff Unassigned
0xc000-0xffff Private Use [RFC2539]