[ Quoting <[email protected]> in "Re: [dns-operations] Few questions ..." ] > 1) It's up to you, if your zones are small and keys are long, you can live > without rotation longer. For example we rotate KSK every year and ZSK every > 3 months with SHA256 and 10M records in zone. Also take a look at > http://tools.ietf.org/html/rfc6781
Or don't roll your keys at all (except in a emergency). For my personal zones I use pretty much static keys. grtz Miek -- Miek Gieben PGP 3880D0F6
signature.asc
Description: Digital signature
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
