Policy change for allowed DNSSEC key algorithms and digest types

Norid will on 2020-09-01 change the technical requirements for registering DNSSEC-data on domain names. The change will affect which
DNSSEC key algorithms and digest types are allowed for domain names. Already registered data will continue to work and will not be affected by the change. It is only when DNSKEY-data and DS-data are changed (in a domain create or domain update request) that the algorithm types and digest types are checked.

After the change, only the following key algorithms will be allowed:

5 RSASHA1
7 RSASHA1-NSEC3-SHA1
8 RSASHA256
10 RSASHA512
13 ECDSAP256SHA256
14 ECDSAP384SHA384
15 ED25519
16 ED448

And the following digest types:

2 SHA-256
4 SHA-384

Published 12 June 2020 • Last updated 18 June 2020