Re: signature expiration

2013-04-15 Thread Carlos M. Martinez
If nothing changes, only the SOA serial will be incremented on resign. The signatures don't 'have' to be renewed every 30 days, you can resign as often as you want / need. regards ~Carlos On 4/11/13 9:14 AM, hugo hugoo wrote: Hello, Can anyone tell me why signatures in dnssec must be

signature expiration

2013-04-11 Thread hugo hugoo
Hello, Can anyone tell me why signatures in dnssec must be renewed every 30 days? What are the modifications made on a zone with a resign? Thanks in advance for the clarifications. Hugo

Re: signature expiration

2013-04-11 Thread Noel Butler
Sign them for longer, I typically use 90 days On Thu, 2013-04-11 at 12:14 +, hugo hugoo wrote: Hello, Can anyone tell me why signatures in dnssec must be renewed every 30 days? What are the modifications made on a zone with a resign? Thanks in advance for the clarifications.

Re: signature expiration

2013-04-11 Thread Tony Finch
hugo hugoo hugo...@hotmail.com wrote: Can anyone tell me why signatures in dnssec must be renewed every 30 days? The limited lifetime of the signatures reduces your exposure to a replay attack. After the signature has expired an attacker cannot fool a victim by giving them the stale data.

Re: signature expiration

2013-04-11 Thread Alan Clegg
On Apr 11, 2013, at 8:34 AM, Noel Butler noel.but...@ausics.net wrote: Sign them for longer, I typically use 90 days On Thu, 2013-04-11 at 12:14 +, hugo hugoo wrote: Hello, Can anyone tell me why signatures in dnssec must be renewed every 30 days? What are the modifications made on

Re: signature expiration

2013-04-11 Thread Tony Finch
Alan Clegg a...@clegg.com wrote: I use dynamic zones and never concern myself with expired signatures. You can also use inline signing to remove this hassle. Yes! Better solution: Sign them more often. Why not sign them twice a day? I personally don't think that extending the signature