NASK has extended the list of allowed values of DS records. The introduced change extends the pool of accepted DNSSEC algorithms by algorithm numbers 12, 13 and 14(*). Therefore, the subscribers are provided with a possibility of using elliptic curve cryptography to secure their domain names. Furthermore, the Registry system has also enabled users to add DS records containing a digest of DNSSEC key generated with algorithm number 3 or 4(**).

In the beginning of the year NASK conducted research on the application of elliptic curve cryptography by recursive resolvers supporting DNSSEC. We encourage you to get acquainted with the results.

 

(*) http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
(**) http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml

 

The current list of values of DS records, accepted by NASK, has been provided at: https://www.dns.pl/en/DNSSEC/FAQ.