signature expiration

Alan Clegg alan at clegg.com
Thu Apr 11 13:42:59 UTC 2013


On Apr 11, 2013, at 8:34 AM, Noel Butler <noel.butler at ausics.net> wrote:

> Sign them for longer, I typically use 90 days
> 
> On Thu, 2013-04-11 at 12:14 +0000, hugo hugoo wrote:
>> Hello,
>>  
>> Can anyone tell me why signatures in DNSSEC must be renewed every 30 days?
>> What are the modifications made on a zone with a resign?
>>  
>> Thanks in advance for the clarifications.

Better solution:  Sign them more often.  Why not sign them twice a day?

I use dynamic zones and never concern myself with expired signatures.
You can also use inline signing to remove this "hassle".

I personally don't think that extending the signature validity period is a good idea.

AlanC
-- 
Alan Clegg | +1-919-355-8851 | alan at clegg.com
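
An added example, not part of the original message and not BIND code: whichever re-signing schedule is used, an operator can check how much of each RRSIG validity window is left by parsing `dig +dnssec` output. The sample records, the `audit` and `rrsig_windows` names and the 7-day warning threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in `dig +dnssec` presentation format (names, key tag and
# signature data are placeholders, not taken from the thread).
SAMPLE = """\
example.com. 3600 IN RRSIG SOA 8 2 3600 20130511134259 20130411124259 12345 example.com. c2FtcGxl
example.com. 3600 IN RRSIG NS 8 2 3600 20130413134259 20130411124259 12345 example.com. c2FtcGxl
example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20130410000000 20130311000000 12345 example.com. c2FtcGxl
example.com. 3600 IN A 192.0.2.1
"""

def _ts(field):
    # RFC 4034 presentation form: YYYYMMDDHHmmSS, always UTC.
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def rrsig_windows(text):
    """Yield (owner, type_covered, inception, expiration) for each RRSIG line."""
    for line in text.splitlines():
        f = line.split()
        # owner TTL class RRSIG covered alg labels origTTL expiration inception tag signer sig
        if len(f) >= 13 and f[3] == "RRSIG":
            yield f[0], f[4], _ts(f[9]), _ts(f[8])

def audit(text, now, min_remaining=timedelta(days=7)):
    """Classify each signature by how much of its validity window is left."""
    report = {}
    for owner, covered, inception, expiration in rrsig_windows(text):
        if now >= expiration:
            status = "expired"          # validators will reject this RRset
        elif now < inception:
            status = "not-yet-valid"    # usually clock skew on the signer
        elif expiration - now < min_remaining:
            status = "renew-soon"       # re-signing has fallen behind
        else:
            status = "ok"
        report[(owner, covered)] = (status, expiration - now)
    return report

if __name__ == "__main__":
    now = datetime(2013, 4, 11, 13, 42, 59, tzinfo=timezone.utc)
    for (owner, covered), (status, left) in audit(SAMPLE, now).items():
        print(f"{owner} {covered}: {status} ({left} remaining)")
```
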
