Problem upgrading to 9.18 - important feature being removed
Carsten Strotmann
carsten at strotmann.de
Tue Feb 27 17:26:02 UTC 2024
Hi Jim,
> On 27. Feb 2024, at 16:39, Jim P. via bind-users <bind-users at lists.isc.org> wrote:
>
> There should also be an option to display the current configuration in
> specific detail to easily create a new KASP (side question: why does DNS
> need a new acronym?)
The term “KASP” for “Key-and-signing-policy” has been around in the DNS community for many years. I remember first hearing that term when .SE (Sweden) started signing their TLD in 2005.
In the beginning of DNSSEC deployment, the KASP was a document that defines how DNSSEC is implemented for a given DNS zone (that is still a good practice, writing down DNSSEC algorithms used, key sizes and rollover intervals etc).
In the last years, improvements in the DNS server software (OpenDNSSEC, Knot DNS, but also BIND 9) made it possible to define the KASP in the software, which makes it easier to match the KASP document with the KASP configuration on the server itself.
From my view, this is a good development.
Greetings
Carsten
More information about the bind-users
mailing list