On Wed 23/07/2008, Mark Andrews said
> 
>       To roll a key signing key.  Add the key at a weekly signing.
>       Wait for the DNSKEY RRset TTL to expire.  Send the new
>       DS/DLV records for the new keys to the parent/DLV operator.
>       Once the updated parent / DLV operator has updated the
>       DS/DLV RRset wait for the old TTL to expire.  Remove the
>       old key signing key at your discretion.  Normally you
>       would do this at the next weekly signing.  This procedure
>       requires one interaction with the parent/dlv operator during
>       the rollover.
> 
>       Note this is not much different than what is required when
>       changing a nameserver.

But changing a nameserver is an exceptional operation. Nobody wants the burden of 
an exceptional operation to come back regularly.

-- 
Erwan
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
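
The key signing key rollover quoted above depends on two TTL waits, so it can be checked mechanically before the old key is removed. The following is an added example, not part of the original thread or of any DNS software; the class, field names and sample dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class KskRollover:                 # hypothetical record of one rollover
    new_ksk_published: datetime    # signing run at which the new KSK was added
    dnskey_ttl: timedelta          # TTL of the zone's DNSKEY RRset
    ds_submitted: datetime         # new DS/DLV records sent to parent/DLV operator
    ds_published: datetime         # parent/DLV operator updated the DS/DLV RRset
    old_ds_ttl: timedelta          # TTL of the DS/DLV RRset before the update
    old_ksk_removed: datetime      # signing run at which the old KSK is dropped

def next_signing(after, first_signing, interval=timedelta(weeks=1)):
    """First scheduled signing run at or after `after` (weekly by default)."""
    if after <= first_signing:
        return first_signing
    runs, remainder = divmod(after - first_signing, interval)
    return first_signing + (runs + (1 if remainder else 0)) * interval

def violations(r):
    """Return the ordering rules from the quoted procedure that `r` breaks."""
    problems = []
    # Caches may still hold a DNSKEY RRset that lacks the new key.
    if r.ds_submitted < r.new_ksk_published + r.dnskey_ttl:
        problems.append("DS/DLV sent before the DNSKEY RRset TTL expired")
    # Caches may still hold the old DS/DLV RRset, which names only the old key.
    if r.old_ksk_removed < r.ds_published + r.old_ds_ttl:
        problems.append("old KSK removed before the old DS/DLV TTL expired")
    return problems

# Constructed sample data: weekly signing starts 2008-07-27, 1-day DNSKEY TTL,
# 2-day DS TTL, parent publishes the new DS on 2008-07-30 at noon.
FIRST_RUN = datetime(2008, 7, 27)
GOOD = KskRollover(
    new_ksk_published=FIRST_RUN, dnskey_ttl=timedelta(days=1),
    ds_submitted=datetime(2008, 7, 28),
    ds_published=datetime(2008, 7, 30, 12), old_ds_ttl=timedelta(days=2),
    old_ksk_removed=next_signing(datetime(2008, 8, 1, 12), FIRST_RUN),
)
BAD = KskRollover(
    new_ksk_published=FIRST_RUN, dnskey_ttl=timedelta(days=1),
    ds_submitted=datetime(2008, 7, 27, 12),
    ds_published=datetime(2008, 7, 30, 12), old_ds_ttl=timedelta(days=2),
    old_ksk_removed=datetime(2008, 7, 31),
)

if __name__ == "__main__":
    print("good:", violations(GOOD))
    print("bad: ", violations(BAD))
```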
