DNSSEC DSSET & KEYSET
Florian Weimer
fweimer at bfk.de
Thu Jan 28 15:17:29 UTC 2010
* prock:
> In a DNSSEC compliant world (I know we're not there yet) we need to
> give a copy of our DSSET and KEYSET to our parent domain. Please
> confirm that is an accurate statement.
Parent zone policies vary. Some require DS RRs, some DNSKEY RRs.
Demanding DNSKEY RRs can prolong the life of signature schemes with
certain weaknesses (which might be helpful at some point in the
future).
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the bind-users
mailing list