Hello!
I have installed OpenDNSSEC 2.1.3 and use it for
two domains so far.
>From my old server with OpenDNSSEC 1.3 I'm used to
having different "Date of next transition:" fields
for KSK and ZSK. In that server I have KSK Lifetime
set to P4Y and ZSK Lifetime set to P30D.
In the new server I
On 5. Nov 2018, at 15:45, list-opendnssec-u...@jyborn.se wrote:
> I'm wondering if P10Y is too long to be accepted, and
> because of that OpenDNSSEC somehow decided to default
> to the same Lifetime for KSK as for ZSK?
Yes, 10 years should work. I do have the same settings regarding KSK:
On 5. Nov 2018, at 15:45, list-opendnssec-u...@jyborn.se wrote:
> I'm wondering if P10Y is too long to be accepted, and
> because of that OpenDNSSEC somehow decided to default
> to the same Lifetime for KSK as for ZSK?
Yes, 10 years should work. I do have the same settings regarding KSK:
On 5. Nov 2018, at 21:43, list-opendnssec-u...@jyborn.se wrote:
> On Mon, Nov 05, 2018 at 07:44:58PM +0100, Michael Grimm wrote:
>> On 5. Nov 2018, at 15:45, list-opendnssec-u...@jyborn.se wrote:
>>> I'm wondering if P10Y is too long to be accepted, and
>>> because of that OpenDNSSEC somehow
>> That is almost exactly the same Keys config as I have
>> in kasp.xml. Only differences are that my ZSK Lifetime
>> is P90D and my ZSK Algorithm length is 1024.
>>
>> The strange thing is that my KSK keys only have 90 days
>> until next transition from when they were created, as shown
>> with
On Mon, Nov 05, 2018 at 07:44:58PM +0100, Michael Grimm wrote:
> On 5. Nov 2018, at 15:45, list-opendnssec-u...@jyborn.se wrote:
>
> > I'm wondering if P10Y is too long to be accepted, and
> > because of that OpenDNSSEC somehow decided to default
> > to the same Lifetime for KSK as for ZSK?
>
>
Hey All!
Hope the information below sheds some light on the subject.
> On 06 Nov 2018, at 05:48, Havard Eidnes wrote:
>
>>> That is almost exactly the same Keys config as I have
>>> in kasp.xml. Only differences are that my ZSK Lifetime
>>> is P90D and my ZSK Algorithm length is 1024.
>>>