[dns-operations] .SE moving from DNSSEC algo 5 to 8
arsen.stasic at univie.ac.at
Mon Dec 11 06:55:54 UTC 2017
Thanks for sharing this with us.
Have you considered using NSEC3 with opt-out (for memory reasons)?
* Roger Murray <roger.murray at iis.se> [2017-12-08 14:38 (+0000)]:
>The zone was taking up about 1.6GB in memory before we started the algorithm roll, with all the signatures in the zone the size went up to 2.3GB.
>> On 8Dec, 2017, at 08:56 , Jakob Schlyter <jakob at kirei.se> wrote:
>> Do you have any numbers to share?
>> Forwarded message:
>> From: Richard Lamb <slamb at xtcn.com <mailto:slamb at xtcn.com>>
>> To: Jakob Schlyter <jakob at kirei.se <mailto:jakob at kirei.se>>
>> Subject: Re: [dns-operations] .SE moving from DNSSEC algo 5 to 8
>> Date: Wed, 6 Dec 2017 09:09:38 -0800
>> How much bigger did the SE zonefile get due to the double signing of DS records?
>> On Wed, Dec 6, 2017 at 12:21 AM, Jakob Schlyter <jakob at kirei.se <mailto:jakob at kirei.se>> wrote:
>> FYI, .SE is under way moving from RSA/SHA-1 (5) 2048/1024 to RSA/SHA-256
>> (8) 2048/2048 - http://dnsviz.net/d/se/dnssec/ <http://dnsviz.net/d/se/dnssec/>. DS at root is not yet
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: not available
More information about the dns-operations