RE: NSEC3/NSEC transition

Thank you Mark Regards, David -Original Message- From: Mark Andrews [mailto:ma...@isc.org] Sent: February-14-13 5:39 PM To: David Sherman Cc: bind-us...@isc.org Subject: Re: NSEC3/NSEC transition In message , David Sherman writes: > Thank you, Mark > > Is it safe to keep

Re: NSEC3/NSEC transition

In message , David Sherman writes: > Thank you, Mark > > Is it safe to keep -u option for dnssec-signzone in all cases, regardless o= > f current actual NSEC/NSEC3 chains. > > Thanks, > David I had forgotten about "-u". Being a appliance vendor you may want to use it all the time as you have

RE: NSEC3/NSEC transition

: NSEC3/NSEC transition In message , David Sherman writes: > Hi, > > If dynamic signing is used with BIND 9.8, what is the recommended > procedure t o switch from NSEC3-signed zone to NSEC-signed without > changing existing DNSK EYs (currently RSA/SHA-512 algorithms are used for

Re: NSEC3/NSEC transition

In message , David Sherman writes: > Hi, > > If dynamic signing is used with BIND 9.8, what is the recommended procedure t > o switch from NSEC3-signed zone to NSEC-signed without changing existing DNSK > EYs (currently RSA/SHA-512 algorithms are used for both ZSK and KSK)? > Any specific options

Re: NSEC3/NSEC transition

David Sherman wrote: > > If dynamic signing is used with BIND 9.8, what is the recommended > procedure to switch from NSEC3-signed zone to NSEC-signed without > changing existing DNSKEYs (currently RSA/SHA-512 algorithms are used for > both ZSK and KSK)? Any specific options for dnssec-signzone?

NSEC3/NSEC transition

Hi, If dynamic signing is used with BIND 9.8, what is the recommended procedure to switch from NSEC3-signed zone to NSEC-signed without changing existing DNSKEYs (currently RSA/SHA-512 algorithms are used for both ZSK and KSK)? Any specific options for dnssec-signzone? Thanks, David ___