Re: Changing the DNSSEC algorithm

2022-04-05 Thread Daniel Stirnimann
Hello Danilo,

A simple schema to change DNSSEC algorithms is as follows:

1. Add new KSK/ZSK and double sign DNSKEY and all zone RRs with both the new and old algorithm
2. Replace DS at parent
3. Remove old DNSKEY and all RRSIGs from the old algorithm

Before step 2 wait the max zone TTL to exp

Re: Reminder: BIND 9.11 is going EOL in March 2022

2022-04-05 Thread Victoria Risk
> On Apr 5, 2022, at 12:37 PM, John Thurston wrote:
>
> We've reached April, 2022. I expect, in the next 30-days or so, we'll be
> seeing an announcement regarding the change of contents of bind-esv, bind,
> and bind-dev
>
> Is it reasonable to expect these changes will occur in about the m

Re: Reminder: BIND 9.11 is going EOL in March 2022

2022-04-05 Thread John Thurston
On 1/26/2022 9:09 AM, Victoria Risk wrote:

For those using the ISC BIND packages: Because we are still patching 9.11, and we haven’t yet issued a new development branch, we are putting 9.18.0 into the bind-dev repositories, for now. In April, we plan to do a version rollover:

- bind-esv wil

Changing the DNSSEC algorithm

2022-04-05 Thread Danilo Godec via bind-users
Hello, I implemented DNSSEC for my personal domain a good while ago with an older Bind and back then, I used RSASHA1-NSEC3-SHA1 algorithm, which by now is not recommended... So I'm going to change the algorithm, probably to ECDSAP256SHA256, which should also be NSEC3 capable. Since my domai