We’ve made a few changes to the DNSSEC Supported Algorithms.
- Added support for ECDSA P-256 with SHA256
- Added support for ECDSA P-384 with SHA384
- Removed ECC-GOST (algorithm 12) as an option for KSK and ZSK

RFC 6986 deprecates the use of GOST R 34.11-2012, and the Algorithm Implementation Requirements and Usage Guidance for DNSSEC intends to move DNSSEC ECC-GOST support in signers to the ‘MUST NOT’ category. Existing GOST keys should be rolled to another key type.
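
To find keys affected by the ECC-GOST removal, the added example below (not part of the original announcement or any provider tooling) scans zone-file DNSKEY records, computes each key tag per RFC 4034 Appendix B, and flags algorithm 12 keys that need rolling. The zone name and key material are constructed placeholders, and the parser assumes one DNSKEY record per line.

```python
import base64
import struct

# Algorithm numbers from the IANA DNSSEC registry; 12 is the one removed above.
ALGORITHMS = {8: "RSASHA256", 12: "ECC-GOST",
              13: "ECDSAP256SHA256", 14: "ECDSAP384SHA384"}
RETIRED = {12}

# Constructed sample records; the key material is placeholder base64, not real keys.
SAMPLE_ZONE = """\
example.test. 3600 IN DNSKEY 257 3 12 AAAA
example.test. 3600 IN DNSKEY 256 3 12 AAEC AwQF ; key split across tokens
example.test. 3600 IN DNSKEY 257 3 13 AQIDBAUGBwg=
example.test. 3600 IN A 192.0.2.1
"""

def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA, as defined in RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF

def audit_dnskeys(zone_text: str) -> list[dict]:
    """Parse single-line DNSKEY records and flag keys using a retired algorithm."""
    findings = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop trailing comments
        if "DNSKEY" not in fields:
            continue
        at = fields.index("DNSKEY")
        if len(fields) < at + 5:                    # need flags, protocol, algorithm, key
            continue
        flags, protocol, alg = (int(x) for x in fields[at + 1:at + 4])
        pubkey = base64.b64decode("".join(fields[at + 4:]))
        rdata = struct.pack("!HBB", flags, protocol, alg) + pubkey
        findings.append({
            "owner": fields[0],
            "role": "KSK" if flags & 0x0001 else "ZSK",   # SEP bit marks a KSK
            "algorithm": ALGORITHMS.get(alg, f"alg-{alg}"),
            "key_tag": key_tag(rdata),
            "needs_roll": alg in RETIRED,
        })
    return findings

if __name__ == "__main__":
    for f in audit_dnskeys(SAMPLE_ZONE):
        status = "ROLL TO ANOTHER ALGORITHM" if f["needs_roll"] else "ok"
        print(f'{f["owner"]} {f["role"]} tag={f["key_tag"]} {f["algorithm"]}: {status}')
```

The key tag in each finding matches the tag carried in the zone's RRSIG and DS records, so it identifies which signatures and parent-side DS entries must be replaced during the rollover.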