[dns-operations] Few questions regarding DNSSEC

Miek Gieben miek at miek.nl
Thu Oct 31 17:15:18 UTC 2013

[ Quoting <andreev.peter at gmail.com> in "Re: [dns-operations] Few questions ..." ]
> 1) It's up to you, if your zones are small and keys are long, you can live
> without rotation longer. For example we rotate KSK every year and ZSK every
> 3 months with SHA256 and 10M records in zone. Also take a look at
> http://tools.ietf.org/html/rfc6781

Or don't roll your keys at all (except in a emergency).

For my personal zones I use pretty much static keys.

grtz Miek

   Miek Gieben
   PGP 3880D0F6

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20131031/5784dd8b/attachment.sig>

More information about the dns-operations mailing list