Cloudflare Docs
Edit this page on GitHub
Set theme to dark (⇧+D)

Supported DNSKEY signature algorithms

DNSSEC is a protocol that adds a layer of security to the domain name system (DNS). DNSSEC does this by providing authentication through public signing keys using two DNS records: DNSKEY and DS. They can be used to verify DNSSEC signatures in RRSIG records. supports the following signature algorithms:

  • RSA/SHA-1
  • RSA/SHA-256
  • RSA/SHA-512
  • ECDSA Curve P-256 with SHA-256 (ECDSAP256SHA256)
  • ECDSA Curve P-384 with SHA-384 (ECDSAP384SHA384)
  • ED25519