Multiple DS Records
Loren M. Lang
lorenl at north-winds.org
Sun Jun 27 11:48:12 UTC 2010
I have read through RFC 4641 and I believe I understand the various key
roll over procedures, but the RFC does not mention the scenario of
adding the DS records to the parent before publishing and/or using the
new KSKs. It is safe to pre-publish new DS records and once it has
propagated to slave servers + it's original TTL, swap out the KSK and
resign the DNSKEY RRset?
--
Loren M. Lang
lorenl at north-winds.org
http://www.north-winds.org/
Public Key: ftp://ftp.north-winds.org/pub/lorenl_pubkey.asc
Fingerprint: 10A0 7AE2 DAF5 4780 888A 3FA4 DCEE BB39 7654 DE5B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100627/3f9a6d5a/attachment.bin>
More information about the bind-users
mailing list