Nicholas Wheeler wrote:
> On Tue, 2010-02-23 at 23:40 +0300, Eugene Crosser wrote:
>> (Well, for now the plan is to do it once a year by hand. Then, we'll see...)
>
> For the record, NIST recommends to roll the ZSK every three months, and
> the KSK every two years.

Let me put it this way: by the time I become bothered with automatic key rollover, hopefully bind 9.7 will become part of the distribution that I use. Then I'll figure things out.

BTW, I feel wary about letting named do everything related to zone signing for me. For one, private KSK, and probably 'top' zone ZSK, are not going to be readable by named. And maybe even not going to live on the same host.

Eugene
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users