Bind and ZSK-Rollovers: Changing salt automatically?
Johannes Kastl
mail at ojkastl.de
Thu Jul 24 17:33:22 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi everyone,
I read quite a bit on DNSSEC in the last couple of weeks, and found
that BIND can automatically rollover the ZSK without manual intervention.
I also found the recommendation, to change the NSEC3 salt each time
the key is rolled over.
What I did not find is, if BIND can also automatically change the salt
each time it does a ZSK rollover. Cos that would be quite handy...
Thanks in advance.
Regards,
Johannes
- --
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.
(Benjamin Franklin, 1759)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/
iEYEARECAAYFAlPRQ2IACgkQzi3gQ/xETbLdFACgizonyyL+xE4w8cEhH/j7wNGV
iPEAni0dzUNcZsKhL1daU33o8tdjr659
=r3tG
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list