Nicholas Wheeler wrote:
> On Tue, 2010-02-23 at 23:40 +0300, Eugene Crosser wrote:
>> (Well, for now the plan is to do it once a year by hand. Then, we'll see...)
>
> For the record, NIST recommends to roll the ZSK every three months, and
> the KSK every two years.

And there are lots of other opinions on this timing as well.

Rolling ZSK using BIND 9.7 is amazingly easy - I'm planning on writing a short paper on this as time permits. Rolling KSK is a bit more difficult as there aren't a lot of registrars that have the ability to accept DS records at this point anyway, and I don't see them implementing RFC-5011 personally... It's coming, it's just not here quite yet.

AlanC
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users