DNSSEC key rollover failure
Spain, Dr. Jeffry A.
spainj at countryday.net
Fri Jun 17 21:24:32 UTC 2011
Thanks, Phil. The document I used to set up the rotation schedules is "Good Practices Guide for Deploying DNSSEC" at http://www.enisa.europa.eu/act/res/technologies/tech/gpgdnssec. It recommends a two-week interval between ZSK inactivation and deletion. I will carefully study the IETF draft below to get a better understanding of this issue. Jeff.
> There's an RFC describing the key rotation schedules you must use in a
> lot of detail. I can't find the link off-hand, but I will dig into it.
> http://tools.ietf.org/html/draft-ietf-dnsop-dnssec-key-timing-02
> See section 3.2.1
More information about the bind-users
mailing list