deSEC Community Support

DNSSEC algorithm/digest mismatch

daniel July 1, 2022, 11:56am 1

I’m in the process of setting up DNSSEC for one of my domains. I see in the instructions to use these informations for the DS records:

11405 13 4 XXXX

But when I enter these, I get a mismatch between DS-Data-Algorithm 13 (ECDSA-SHA256) and Digest-Type 4 (SHA-384).

Shouldn’t it be:
11405 14 4 XXXX
where DS-Data-Algorithm 14 corresponds to ECDSA-SHA-384 ?

Thanks!

peter July 1, 2022, 12:38pm 2

Hi Daniel,

No. The two algorithms are used for different purposes and need not be the same.

Stay secure,
Peter

daniel July 1, 2022, 1:10pm 4

Sorry, it was me who made a mistake on my registrar! Thanks for your explanation!