[dns-operations] Few questions regarding DNSSEC
Miek Gieben
miek at miek.nl
Thu Oct 31 17:15:18 UTC 2013
[ Quoting <andreev.peter at gmail.com> in "Re: [dns-operations] Few questions ..." ]
> 1) It's up to you, if your zones are small and keys are long, you can live
> without rotation longer. For example we rotate KSK every year and ZSK every
> 3 months with SHA256 and 10M records in zone. Also take a look at
> http://tools.ietf.org/html/rfc6781
Or don't roll your keys at all (except in a emergency).
For my personal zones I use pretty much static keys.
grtz Miek
--
Miek Gieben
PGP 3880D0F6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20131031/5784dd8b/attachment.sig>
More information about the dns-operations
mailing list