Hello all,

Many years ago we set up DNSSEC; our keys were generated with sha1, as was
recommended all those years ago. We are also not DNSSEC gurus, so some
answers may be simple.

Now we want to upgrade this to sha256.

Also we use ZSK -b 1024 and KSK -b 4096
Even modern Google results from APNIC show an example ZSK of only 1024. Is this still
secure?

Is the best practice for doing this to replace the keys completely, more or
less like starting fresh again?

We do use inline signing and automatic maintain.

I see 9.16 makes it easy by not needing to do anything but set a policy, but we
are stuck on 9.14 for the time being.

I am OK with wiping the DS, keys, everything, and starting fresh if that is easiest,
unless there is another simple way?
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.