> Date: Tue, 23 Feb 2010 16:02:27 -0500
> From: Alan Clegg
> Sender: bind-users-bounces+oberman=es@lists.isc.org
>
> Nicholas Wheeler wrote:
> > On Tue, 2010-02-23 at 23:40 +0300, Eugene Crosser wrote:
> >> (Well, for now the plan is to do it once a year by hand. Then, we'll
> >> see...)
>
On Tue, 23 Feb 2010, Alan Clegg wrote:
For the record, NIST recommends to roll the ZSK every three months, and
the KSK every two years.
And there are lots of other opinions on this timing as well.
Note that you cannot really talk about rolling key recommendations without
mentioning the key s
Nicholas Wheeler wrote:
> On Tue, 2010-02-23 at 23:40 +0300, Eugene Crosser wrote:
>> (Well, for now the plan is to do it once a year by hand. Then, we'll see...)
>
> For the record, NIST recommends to roll the ZSK every three months, and
> the KSK every two years.
And there are lots of other op
On Tue, 2010-02-23 at 23:40 +0300, Eugene Crosser wrote:
> (Well, for now the plan is to do it once a year by hand. Then, we'll see...)
For the record, NIST recommends to roll the ZSK every three months, and
the KSK every two years.
Thanks,
-- Nicholas
signature.asc
Description: This is a
Stephane Bortzmeyer wrote:
> There is nothing about key rollover, it seems? How do you handle it?
I don't.
(Well, for now the plan is to do it once a year by hand. Then, we'll see...)
Regards,
Eugene
signature.asc
Description: OpenPGP digital signature
__
On Mon, Feb 22, 2010 at 11:40:49AM +0300,
Eugene Crosser wrote
a message of 49 lines which said:
> Reviewed version placed here: http://www.average.org/dnssec/
There is nothing about key rollover, it seems? How do you handle it?
___
bind-users mail
> HOW TO CONFIGURE AUTO-SIGNED DYNAMIC ZONES WITH BIND9
>
> This document describes how to configure bind9 to
> automatically sign zones as they are being modified
> by dynamic update mechanism.
Reviewed version placed here: http://www.average.org/dnssec/
Eugene
Please comment!
Eugene
===
HOW TO CONFIGURE AUTO-SIGNED DYNAMIC ZONES WITH BIND9
This document describes how to configure bind9 to
automatically sign zones as they are being modified
by dynamic update mechanism. It is assumed that
you already know how
On 2010-02-16 13:32, Eugene Crosser wrote:
> Do you think there is an appropriate place somewhere for a small
> one-page HOWTO? I could document what I did and submit the result...
>
I for one would be interested!
Niobos
___
bind-users mailing list
bi
Mark Andrews wrote:
>> I would like to make dynamic zone automatically signed.
> Firstly upgrade to BIND 9.6.0 or later as it supports re-signing
[etc]
Thanks Mark!
With your directions, I got the system airborne in no time.
Do you think there is an appropriate place somewhere for a small
one-
In message <4b798db8.2050...@average.org>, Eugene Crosser writes:
>
> Hello everyone, I am new here.
>
> I am running a manually signed zone (average.org) for my domain for some
> time now. I also have a separate subdomain zone (dyn.average.org) that
> allows dynamic updates, and that is current
Hello everyone, I am new here.
I am running a manually signed zone (average.org) for my domain for some
time now. I also have a separate subdomain zone (dyn.average.org) that
allows dynamic updates, and that is currently not signed. Bind version
is 9.5.1. (debian stable).
I would like to make dyn
12 matches
Mail list logo
