• rndc valid key types

    From Gregory Sloop@gregs@sloop.net to bind-users on Tue Jul 7 16:32:37 2020
    From Newsgroup: comp.protocols.dns.bind

    So, I've spent some time looking at the man pages and googling without any definitive answer.

    I'm generating some new rndc keys for my bind9 config. (9.11.3 in this particular case, if it matters.)

    rndc-confgen has quite a number of options for the key-type - but I'm not sure what BIND9 will handle for RNDC.

    I've seen reports that HMAC-MD5 is the only valid key type.

    ...

    Just before posting this, I checked the RNDC man page and found this:
    [At least I saved myself some public embarrassment! :) ]
    ---
    rndc communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of rndc and named, the only supported authentication algorithms are HMAC-MD5 (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256 (default), HMAC-SHA384 and HMAC-SHA512. They use a shared secret on each end of the connection. This provides TSIG-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
    ---

    Still, the root cause for my query....
    Is there any (security) reason/implications to use something "better" than MD5?

    I'd lean toward something like HMAC-SHA256/384/512.

    Perhaps there's a discussion somewhere I haven't found - and I'd be glad to be pointed to that, instead of taking someone's time re-typing a bunch of details. But I can't seem to find anything.
    I assume it might be easier to forge an update for rndc with an MD5 key, right?
    Is there any reason not to select the strongest - HMAC-SHA512?

    Just wanting to be sure I understand the implications of any particular choice.

    TIA
    -Greg

    --- Synchronet 3.18a-Linux NewsLink 1.113
  • From Evan Hunt@each@isc.org to Greg Sloop on Wed Jul 8 00:06:47 2020
    From Newsgroup: comp.protocols.dns.bind

    On Tue, Jul 07, 2020 at 04:32:37PM -0700, Gregory Sloop wrote:
    > I've seen reports that HMAC-MD5 is the only valid key type.

    That was the case at one time, but hasn't been for years.

    > Is there any (security) reason/implications to use something "better"
    > than MD5?

    MD5 is broken (as is SHA1). In this specific context, a forged rndc message
    is probably impracticable on any reasonable time scale, and I wouldn't fear
    for security if I were using them. *But*, they're broken, and crypto
    people don't like keeping broken things around, so I wouldn't count on them being supported forever. We've already removed MD5 support in the context
    of DNSSEC keys; TSIG could come next.

    So, if you want to generate a key and not have to worry about generating another one in a year or two, I would advise against MD5 or SHA1.

    > Is there any reason not to select the strongest - HMAC-SHA512?

    No, go ahead. I tend to use sha256, just because it's the default
    from rndc-confgen.

    --
    Evan Hunt -- each@isc.org
    Internet Systems Consortium, Inc.
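The point of Evan's reply is that keys generated with HMAC-MD5 or HMAC-SHA1 will eventually have to be regenerated. The following audit script is an added example (not from this thread, ISC or BIND itself): it scans BIND `key` statements in the standard `key "name" { algorithm ...; secret "..."; };` form and reports which ones still use the algorithms Evan advises against. The algorithm lists come from the man page text Greg quoted and from Evan's answer; the sample configuration is constructed.

```python
"""Audit the HMAC algorithm of BIND 'key' statements (rndc.key, named.conf).

Added example, not code from the thread or from BIND. The supported list is
the one quoted from the rndc man page above; the deprecated set follows
Evan Hunt's advice against MD5 and SHA1 for newly generated keys.
"""
import re

# Algorithms the quoted rndc man page lists as supported by rndc and named.
SUPPORTED = {"hmac-md5", "hmac-sha1", "hmac-sha224",
             "hmac-sha256", "hmac-sha384", "hmac-sha512"}
# Broken digests that may lose TSIG support later; avoid for new keys.
DEPRECATED = {"hmac-md5", "hmac-sha1"}

# One 'key "name" { ... };' block; 'keys { ... }' in a controls clause does
# not match because a whitespace run must follow the literal word 'key'.
KEY_BLOCK = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{(.*?)\};', re.S)
ALGORITHM = re.compile(r'\balgorithm\s+"?([\w-]+)"?\s*;', re.I)


def audit_keys(config_text):
    """Map each key name to 'ok', 'deprecated', 'unsupported' or 'missing'."""
    verdicts = {}
    for name, body in KEY_BLOCK.findall(config_text):
        match = ALGORITHM.search(body)
        if match is None:
            verdicts[name] = "missing"       # no algorithm statement at all
            continue
        algorithm = match.group(1).lower()   # BIND accepts any case
        if algorithm in DEPRECATED:
            verdicts[name] = "deprecated"
        elif algorithm in SUPPORTED:
            verdicts[name] = "ok"
        else:
            verdicts[name] = "unsupported"   # named would reject this key
    return verdicts


# Constructed sample configuration; the secrets are not real key material.
SAMPLE_CONFIG = """\
key "rndc-key" {
    algorithm hmac-md5;
    secret "c2FtcGxlLXNlY3JldA==";
};
key "rndc-key-2020" {
    algorithm hmac-sha256;
    secret "QW5vdGhlclNhbXBsZVNlY3JldA==";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key-2020"; };
};
"""

if __name__ == "__main__":
    for key_name, verdict in audit_keys(SAMPLE_CONFIG).items():
        print(f"{key_name}: {verdict}")
```

Point it at the output of `cat /etc/bind/rndc.key /etc/bind/named.conf*` (paths vary by distribution) to find keys worth regenerating with `rndc-confgen` at its SHA-256 default or stronger.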