changing NSEC3 salt

Chris Thompson cet1 at cam.ac.uk
Tue Feb 11 15:38:12 UTC 2014 

On Feb 10 2014, Mark Andrews wrote:

>In message <52F94EE2.7080505 at ksu.edu>, "Lawrence K. Chen, P.Eng." writes:
[... snip ...]
>> On 02/06/14 15:07, Timothe Litt wrote:
[... snip ...]
>> > Note also the RFC 5155 recommendation:
>> >> The salt SHOULD be at least 64 bits long and unpredictable, so that
>> >> an attacker cannot anticipate the value of the salt and compute the
>> >> next set of dictionaries before the zone is published.
>> > In case it wasn't obvious, I should have noted that the length would be
>> > a config file entry.
[...]
>>
>> Interesting....I guess I need to keep up more on these things.
>> 
>> I haven't changed my NSEC3 salt since I initially set up DNSSEC here,
>> and seemed to me that the document I was working off of back then said 4
>> hex characters.
>> 
>> Which probably made it extra hard for me to come up with a random
>> number.  So, its totally non-random...so all I did was take the hex for
>> two (well-known) letters...for my salt.  Since the salt is 'public',
>> I'll say it.  my salt is "KS", or "4b53".
>> 
>> So now to think of how to add NSEC3 salt changing to my current
>> automation scripts....
>
>And for most zones it won't make a bit of difference.  Most are
>mainly static and once you have sampled the zone enough times to
>have (almost) all the NSEC3 records you just keep testing against
>those NSEC3 records.  Once you find a name in the zone you can just
>test that it still exists.  When the NSEC3 parameters change you
>just run the know names through for a non-existing type and you
>get confirmation of the name and a new set of NSEC3 records without
>having to do as much sampling.
>
>It makes a bit of sense for zones that have names that a coming and
>going all the time but even then you can reuse existing knowledge.

It's probably worth noticing what the big operators do, e.g.

$ dig +noall +answer +nottl NSEC3PARAM com. edu. net. org.
com.                    IN      NSEC3PARAM 1 0 0 -
edu.                    IN      NSEC3PARAM 1 0 0 -
net.                    IN      NSEC3PARAM 1 0 0 -
org.                    IN      NSEC3PARAM 1 0 1 D399EAAB

(AFAIK the salt used for "org" has never changed - and the same value
is used for 23 other TLDs.) A quick check revealed 216 TLDs [*] with
NSEC3PARAM records, distributed as follows:

   Extra                 Salt length (bytes)               Total
 iterations    0    2    3    4    5    6    8   10   16

     0         7    -    -    -    -    -    -    -    -       7
     1         -    -    -  125    -    -    1    -    -     126
     2         -    -    -    2    -    -    -    -    1       3
     3         -    3    -    1    -    -    -    -    -       4
     5         1    -    -    1    5    -   15    1    -      23
     8         -    -    -    -    -    2    -    -    -       2
    10         2    4    5   25    -    -    1    -    -      37
    12         -    -    -    -    -    -    5    1    -       6
    13         -    -    1    -    -    -    -    -    -       1
    15         -    -    -    1    -    -    -    -    -       1
    17         -    -    -    -    -    -    1    -    -       1
    25         -    -    -    -    -    -    2    -    -       2
   100         -    -    -    -    -    -    1    -    -       1
   150         -    -    -    1    -    -    1    -    -       2

  Total       10    7    6  156    5    2   27    2    1     216


[*] A lot more than there used to be, due to the influx of new gTLDs.

-- 
Chris Thompson
Email: cet1 at cam.ac.uk

More information about the bind-users mailing list