Bind 9.5.0-P2, DNSSEC and /dev/random
Michael
michael at networkstuff.co.nz
Sun Aug 31 23:24:35 UTC 2008
> > And based on my reading of the intro these keys need to be updated at
> > least monthly?
> >
> > Michael
>
> The frequency with which keys need to be changed is based on
> their strength (size). The current recommendations are very
> conservative and also factor in that humans need to repeat
> operations regularly to get them correct and not forget how
> to do the rollover. From a crypto standpoint alone you,
> generally, don't need to roll keys monthly.
>
> As more and more automation takes place the frequency of
> rolling keys will fall more and more into line with their
> crypto strength rather than be driven by human requirements.
>
> SSL certificates are valid for multiple years and they use
> the same crypto. They are also simpler to use at this point
> in time. Buy and copy into place.
So for the domain name "networkstuff.co.nz", I would need to buy a certificate
for "networkstuff.co.nz" or would it need to be a wildcard certificate?
i.e. "*.networkstuff.co.nz", as these are expensive...