On 21/12/2020 11:31, Arsen STASIC wrote:

Hi Arsen,

> RIPE's DNS Zonemaster version might be outdated, because it does not
> support DNSSEC algorithm ED25519. This is the error message:
> Signature for DNSKEY with tag 52537 failed to verify with error 'Unknown
> cryptographic algorithm'.
> https://dnscheck.ripe.net/test/328db6c75665721b

You are correct. We are using an older version of Zonemaster, and it
does not support ED25519.

> But the Zonemaster software (Versions: engine 4.0.3, backend 6.0.2, GUI
> 3.2.1) already has support for DNSSEC algorithm ED25519:
> https://www.zonemaster.net/result/c1607f01d96a8d60
> 
> It would be good if RIPE's Zonemaster could also list its version numbers.

We are already testing the latest version of Zonemaster, but we also
need to update the OS it runs on, since we need newer versions of
OpenSSL with support for ED25519.

I don't have a date for you, but we hope to update Zonemaster to the
latest version very soon.

In the meantime, if you need to add or update a DS record for your
zones, please email [email protected] with a complete copy of your domain
object, and we will do the updates for you manually.

Regards,
Anand Buddhdev
RIPE NCC
