Re: Bind and ZSK-Rollovers: Changing salt automatically?

On 28.07.14 23:05 Evan Hunt wrote:
> > rndc signing -nsec3param can change your salt. Specifying auto as the
> > salt causes named to generate a salt at random.
>
> I forgot to mention that the auto feature is new in 9.10, not in older
> versions.

Thanks for the answer, good to know. Off searching for a package for bind 9.10 on the openSUSE build service...

Regards,
Johannes

-- 
You know the world is going crazy when the best rapper is a white guy, the best golfer is a black guy, the Swiss hold the America's Cup, France is accusing the US of arrogance, and Germany doesn't want to go to war. (from alt.jokes)

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind and ZSK-Rollovers: Changing salt automatically?

Hi Carsten and all,

sorry for the late reply.

On 24.07.14 19:53 Carsten Strotmann wrote:
> I'm not aware that BIND 9 can do a ZSK rollover all on its own, it is
> however possible to set the timing values on the ZSK key files in a way
> that BIND 9 will execute the rollover at the set times. It is also
> possible to create a direct successor ZSK from an existing ZSK.

That is exactly what I meant. I prepare the keys and bind does the rollover automatically.

> But the creation of the new ZSK, as well as setting the timing values,
> needs to be done outside BIND 9. It is relatively straightforward to
> script this in a cron job, and there are ready-made tools that can help.

I'll dig into scripting that. But I found Michael W Lucas' DNSSEC Mastery a pretty good read on the process...

> In the same cron job, it is then possible to create a new NSEC3 salt and
> inject that into the zone.

So basically BIND cannot do that for me each time it does a key rollover. That's what I wanted to know.

> Doing so at the exact moment of the ZSK key rollover (to prevent
> unnecessary re-generation of all RRSIGs) is tricky. If the zone is not
> too big (e.g. re-generating all RRSIGs is not a problem), I would
> recommend to roll the salt in the same intervals, but independent from
> the ZSK rollover.

I'll stick with this, then.

Regards,
Johannes

-- 
All of Debian is divided into three parts, one of which is called Stable, another Testing, and the third which in their own tongue is called Sid, in ours Unstable.
Re: Bind and ZSK-Rollovers: Changing salt automatically?

On Mon, Jul 28, 2014 at 06:16:13PM +0200, Johannes Kastl wrote:
> > In the same cron job, it is then possible to create a new NSEC3 salt
> > and inject that into the zone.
>
> So basically BIND cannot do that for me each time it does a key rollover.
> That's what I wanted to know.

rndc signing -nsec3param can change your salt. Specifying auto as the salt causes named to generate a salt at random. There's currently no way to schedule it the way you can schedule key rollovers, but you can put it in a crontab.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
Re: Bind and ZSK-Rollovers: Changing salt automatically?

On 28.07.14 19:09 Evan Hunt wrote:
> On Mon, Jul 28, 2014 at 06:16:13PM +0200, Johannes Kastl wrote:
> > So basically BIND cannot do that for me each time it does a key
> > rollover. That's what I wanted to know.
>
> rndc signing -nsec3param can change your salt. Specifying auto as the
> salt causes named to generate a salt at random.

Good to know.

> There's currently no way to schedule it the way you can schedule key
> rollovers, but you can put it in a crontab.

As I said, knowing that BIND does not do that automatically and I have to put it in a crontab is exactly what I wanted to know... Thanks for the answer.

Regards,
Johannes

-- 
Sex is like hacking. You get in, you get out, and you hope you didn't leave something behind that can be traced back to you.
Re: Bind and ZSK-Rollovers: Changing salt automatically?

> rndc signing -nsec3param can change your salt. Specifying auto as the
> salt causes named to generate a salt at random.

I forgot to mention that the auto feature is new in 9.10, not in older versions.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
Re: Bind and ZSK-Rollovers: Changing salt automatically?

Hello Mark,

Mark Andrews ma...@isc.org writes:
> Actually it is useless to change the salt regularly. Changing the salt
> provides no real benefit against discovering the names in a zone, which
> is the reason people were saying to change the salt.
>
> The attacker uses cached NSEC3 records. When it gets a cache miss it asks
> the servers for the zone, puts the answer in the cache and continues.
> When the salt changes it just maintains multiple NSEC3 chains, eventually
> discarding the old NSEC3 chain. I would wait until the new NSEC3 chain
> has as many cached records as the old NSEC3 chain. Changing the salt
> slows things up minimally for a very short period of time after the
> change. Additionally, once you have some names you ask for those names
> for a non-existing type to quickly pull in part of the new NSEC3 chain
> you know exists.
>
> The only reason to change the salt is if you have a collision of the
> hashed names. This will be a very very very rare event.

This is new for me (I must have somehow missed it if this was previously discussed). I do not want to give useless or misguiding advice. I do not understand how the NSEC3 hash can be defeated by an attacker. Could you give a link to additional information or could you explain the issue with NSEC3 salt in other words?

Best regards

Carsten

-- 
Carsten Strotmann
Email: c...@strotmann.de
Blog: strotmann.de
Re: Bind and ZSK-Rollovers: Changing salt automatically?

Carsten Strotmann c...@strotmann.de wrote:
> I do not understand how the NSEC3 hash can be defeated by an attacker.
> Could you give a link to additional information or could you explain the
> issue with NSEC3 salt in other words?

http://www.vs.uni-due.de/personal/wander/20130512_NSEC3_Hash_Breaking/

Tony.
-- 
f.anthony.n.finch d...@dotat.at http://dotat.at/
Dover, East Wight: Northerly or northeasterly 4 or 5. Slight or moderate. Thundery showers. Moderate or good.
Bind and ZSK-Rollovers: Changing salt automatically?

Hi everyone,

I read quite a bit on DNSSEC in the last couple of weeks, and found that BIND can automatically roll over the ZSK without manual intervention. I also found the recommendation to change the NSEC3 salt each time the key is rolled over.

What I did not find is whether BIND can also automatically change the salt each time it does a ZSK rollover. 'Cos that would be quite handy...

Thanks in advance.

Regards,
Johannes

-- 
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. (Benjamin Franklin, 1759)
Re: Bind and ZSK-Rollovers: Changing salt automatically?

Hello Johannes,

Johannes Kastl m...@ojkastl.de writes:
> Hi everyone,
>
> I read quite a bit on DNSSEC in the last couple of weeks, and found that
> BIND can automatically roll over the ZSK without manual intervention. I
> also found the recommendation to change the NSEC3 salt each time the key
> is rolled over.
>
> What I did not find is whether BIND can also automatically change the
> salt each time it does a ZSK rollover. 'Cos that would be quite handy...

I'm not aware that BIND 9 can do a ZSK rollover all on its own; it is however possible to set the timing values on the ZSK key files in a way that BIND 9 will execute the rollover at the set times. It is also possible to create a direct successor ZSK from an existing ZSK.

But the creation of the new ZSK, as well as setting the timing values, needs to be done outside BIND 9. It is relatively straightforward to script this in a cron job, and there are ready-made tools that can help.

In the same cron job, it is then possible to create a new NSEC3 salt and inject that into the zone. Doing so at the exact moment of the ZSK key rollover (to prevent unnecessary re-generation of all RRSIGs) is tricky. If the zone is not too big (e.g. re-generating all RRSIGs is not a problem), I would recommend to roll the salt in the same intervals, but independent from the ZSK rollover.

-- 
Carsten Strotmann
Email: c...@strotmann.de
Blog: dnsworkshop.org
Re: Bind and ZSK-Rollovers: Changing salt automatically?

Actually it is useless to change the salt regularly. Changing the salt provides no real benefit against discovering the names in a zone, which is the reason people were saying to change the salt.

The attacker uses cached NSEC3 records. When it gets a cache miss it asks the servers for the zone, puts the answer in the cache and continues. When the salt changes it just maintains multiple NSEC3 chains, eventually discarding the old NSEC3 chain. I would wait until the new NSEC3 chain has as many cached records as the old NSEC3 chain. Changing the salt slows things up minimally for a very short period of time after the change. Additionally, once you have some names you ask for those names for a non-existing type to quickly pull in part of the new NSEC3 chain you know exists.

The only reason to change the salt is if you have a collision of the hashed names. This will be a very very very rare event.

Mark

In message 8661imr6cq@strotmann.de, Carsten Strotmann writes:
> Hello Johannes,
>
> Johannes Kastl m...@ojkastl.de writes:
> > Hi everyone,
> >
> > I read quite a bit on DNSSEC in the last couple of weeks, and found
> > that BIND can automatically roll over the ZSK without manual
> > intervention. I also found the recommendation to change the NSEC3 salt
> > each time the key is rolled over.
> >
> > What I did not find is whether BIND can also automatically change the
> > salt each time it does a ZSK rollover. 'Cos that would be quite handy...
>
> I'm not aware that BIND 9 can do a ZSK rollover all on its own; it is
> however possible to set the timing values on the ZSK key files in a way
> that BIND 9 will execute the rollover at the set times. It is also
> possible to create a direct successor ZSK from an existing ZSK.
>
> But the creation of the new ZSK, as well as setting the timing values,
> needs to be done outside BIND 9. It is relatively straightforward to
> script this in a cron job, and there are ready-made tools that can help.
>
> In the same cron job, it is then possible to create a new NSEC3 salt and
> inject that into the zone. Doing so at the exact moment of the ZSK key
> rollover (to prevent unnecessary re-generation of all RRSIGs) is tricky.
> If the zone is not too big (e.g. re-generating all RRSIGs is not a
> problem), I would recommend to roll the salt in the same intervals, but
> independent from the ZSK rollover.
>
> -- 
> Carsten Strotmann
> Email: c...@strotmann.de
> Blog: dnsworkshop.org

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
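The two points the thread turns on, Evan's "roll the salt from cron with rndc signing -nsec3param ... auto" and Mark's "the only reason to change the salt is a hash collision", as an added example that is not part of the thread and not BIND's own code: an RFC 5155 NSEC3 hash routine, a collision check over the zone's owner names, and a salt chooser that keeps the current salt unless it collides. The zone name list, the "new" salt and the helper names are constructed for illustration; the RFC 5155 Appendix A parameters (salt aabbccdd, 12 iterations) are used so the result can be checked against the RFC.

```python
import base64
import hashlib
import secrets
from collections import defaultdict

B32_STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
B32_HEX = "0123456789ABCDEFGHIJKLMNOPQRSTUV"


def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """RFC 5155 section 5: iterated SHA-1 over the canonical wire-format owner
    name, with the salt appended at every round, rendered in lower-case
    base32hex exactly as it appears in the zone's NSEC3 owner names."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    salt = b"" if salt_hex in ("-", "") else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    b32 = base64.b32encode(digest).decode("ascii")  # 20 bytes -> 32 chars, no padding
    return b32.translate(str.maketrans(B32_STD, B32_HEX)).lower()


def nsec3_collisions(names, salt_hex, iterations):
    """Group owner names by NSEC3 hash; a bucket with more than one name is a
    collision, the one situation in which a new salt is actually required."""
    buckets = defaultdict(list)
    for n in names:
        buckets[nsec3_hash(n, salt_hex, iterations)].append(n)
    return {h: ns for h, ns in buckets.items() if len(ns) > 1}


def pick_salt(names, current_salt_hex, iterations, salt_bytes=8):
    """Keep the current salt unless it collides; only then draw a fresh random
    one (a random salt is what 'auto' asks named for in 9.10+)."""
    if not nsec3_collisions(names, current_salt_hex, iterations):
        return current_salt_hex
    while True:
        cand = secrets.token_hex(salt_bytes)
        if not nsec3_collisions(names, cand, iterations):
            return cand


# Constructed sample zone; parameters follow RFC 5155 Appendix A.
ZONE_NAMES = ["example.", "a.example.", "ns1.example.", "ns2.example.", "x.w.example."]
OLD_SALT, NEW_SALT, ITER = "aabbccdd", "0123456789abcdef", 12

if __name__ == "__main__":
    for n in ZONE_NAMES:
        # The salt is public (NSEC3PARAM), so a name once learned re-hashes
        # under the new salt in one step: rotating the salt hides nothing.
        print(f"{n:14} old={nsec3_hash(n, OLD_SALT, ITER)} new={nsec3_hash(n, NEW_SALT, ITER)}")
    print("collisions:", nsec3_collisions(ZONE_NAMES, OLD_SALT, ITER))
    print("salt to use:", pick_salt(ZONE_NAMES, OLD_SALT, ITER))
```

Running the collision check from the same cron job that does the key rollover, and calling rndc only when pick_salt returns a different salt, gives the behaviour Mark describes without regenerating every RRSIG on a schedule.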