Thanks, Phil. The document I used to set up the rotation schedules is "Good Practices Guide for Deploying DNSSEC" at http://www.enisa.europa.eu/act/res/technologies/tech/gpgdnssec. It recommends a two-week interval between ZSK inactivation and deletion. I will carefully study the IETF draft below to get a better understanding of this issue. Jeff.
> There's an RFC describing the key rotation schedules you must use in a > lot of detail. I can't find the link off-hand, but I will dig into it. > http://tools.ietf.org/html/draft-ietf-dnsop-dnssec-key-timing-02 > See section 3.2.1 _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
