Post-quantum Algorithm Testing and Analysis for the DNS

To empirically investigate the impact of post-quantum algorithms on DNSSEC, SIDN Labs started the project PATAD (Post-quantum Algorithm Testing and Analysis for the DNS). Its goal is to develop a testbed that enables us to protype, evaluate, and benchmark various post-quantum algorithms in DNSSEC, not just for SIDN, but for other organisations as well.

As the project evolves we will continue to publish more information. Meanwhile you can read about our work on post-quantum DNSSEC in the publications listed at the bottom of the page.

Run your own PATAD testbed

We published the components and instructions to run your own PQC testbed on your own computer at https://github.com/SIDN/pqc-testbed.

The following screencast shows a full-stack example of our testbed using SQIsign to sign the root zone, MAYO to sign the .nl zone and Falcon to sign sidnlabs.nl.

Developing PATAD components

The script to build containers for the PATAD testbed are published on GitHub. Currently, we have two PQC-ready components: pqc-resolver-powerdns and pqc-auth-powerdns. Those containers contain a patched version of PowerDNS with support for the Falcon, SQIsign, and MAYO PQC algorithms. We encourage you to use these examples to build you own PATAD components.

Publications

Below is a list of publications about our PQC DNSSEC work. A good chunk of these are in collaboration with people from other organizations.

• Presentation: “Post Quantum Cryptography in the DNS”, Guest lecture Leiden University, Nov 2025
• Presentation: “PQC and BGPsec research at SIDN Labs”, Comcast SPIDER monthly talk, Oct 2025
• Presentation: “Evaluating PQC (Falcon and Mayo) in DNSSEC Signing for TLD Operators”, pq-dnssec side meeting at IETF 123, Jul 2025
• Paper: “PQC for DNSSEC: a format size analysis on Falcon signatures”, ACM/IRTF Applied Networking Research Workshop 2025 (ANRW ‘25), Jul 2025
• Paper: “Evaluating Post-Quantum Cryptography in DNSSEC Signing for Top-Level Domain Operators”, Network Traffic Measurement and Analysis Conference (TMA2025), Jun 2025
• Presentation: “Evaluating Post-Quantum Cryptography in DNSSEC Signing for Top-Level Domain Operators”, Network Traffic Measurement and Analysis Conference (TMA2025), Jun 2025
• Presentation: “DNSSEC na de quantumapocalyps”, SURF Security & Privacy Conferentie 2025, Jun 2025
• Presentation: “Post-quantum cryptography for DNSSEC and potential GAC actions”, GAC Meeting @ ICANN 83, Jun 2025
• Presentation: “Post-quantum cryptography for DNS (DNSSEC)”, PCSI benchmarking knowledge sharing session, May 2025
• Presentation: “Evaluating Post-Quantum Cryptography for the Domain Name System”, SURF Networking Day 2024, Dec - Presentation: “PATAD: an open-source testbed for evaluating post-quantum cryptography for DNSSEC”, ICANN 81 Tech Day, Nov 2024
• Presentation: “A testbed to evaluate post-quantum cryptography in DNSSEC”, pq-dnssec side meeting at IETF 121, Nov 2024
• Presentation: “Evaluating Post-Quantum Cryptography for the Domain Name System”, TUCCR Fall Workshop, Oct 2024
• Presentation: “A testbed to evaluate post-quantum cryptography for DNSSEC”, Radboud Digital Security group Lunch Talk, Oct 2024
• E-magazine entry: “Enabling Post-Quantum Cryptography in the DNS”, ONE Conference E-magazine, Oct 2024
• Workshop: “Post-Quantum Cryptography & DNSSEC”, CENTR R&D / Tech workshop, Oct 2024
• Blog: “Big news! NIST standardises 3 PQC algorithms”, Aug 2024
• Blog: “Set up your own PQC testbed for DNSSEC with the PATAD open-source software”, Jul 2024
• Internet-Draft: “Research Agenda for a Post-Quantum DNSSEC”
• Abstract: “A testbed to evaluate quantum-safe cryptography in DNSSEC”, The DINR 2024 Virtual Workshop, April 2024
• Presentation: “A testbed for evaluating post quantum algorithms for the DNS”, 24th CENTR R&D, Feb 2024
• Blog: “A quantum-safe cryptography DNSSec testbed” (SIDN Labs, RIPE, APNIC), Dec 2023
• Presentation: “A testbed for evaluating post quantum algorithms for the DNS” (video), PQC conference, Nov 2023
• Blog: “Adding experimental support for X25519Kyber768 to dns4all.eu”, Sep 2023

Other work on PQC in the DNS

• Blog: “More PQC in PowerDNS: A DNSSEC Field Study”, Jul 2024
• Podcast: “Testing Post Quantum Cryptography DNSSEC”, Jul 2024
• Testbed: “Post-Quantum DNSSEC Testbed with BIND and PowerDNS”