On Sat, Oct 15, 2011 at 1:31 PM, Mark Elkins <m...@posix.co.za> wrote:
> True - no problem with a handful of zones. > > Now assume a few thousand being automated from some script. > > Wonder if OpenDNSSEC handles this at all? > > OK - so I've rewritten my script to not worry (Don't Panic) - just keep > using the monthly KSK's with RSASHA1 until it sees a ZSK with the > RSASHA256 algorithm - then just switch over to creating KSK's with > RSASHA256 as well. > > There are some documented procedures for algorithm rollovers in RFC 4641bis that you should probably look at. The current draft is at: http://tools.ietf.org/html/draft-ietf-dnsop-rfc4641bis-07 see section 4.1.5. Regards, Casey
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
