Re: Single-key rollover

2012-06-19 Thread Mark Andrews
In message , Alexander Gurvitz writes:
> > That paragraph from 4.1.4 is just plain wrong and following it will
> > lead to cached data that can't be validated once retrieved.
> >
> > Let's say that all data in the zone has a TTL of 3600.
> >
> > At T - 3500 you have retrieved the DNSKEY wh

Re: Single-key rollover

2012-06-19 Thread Alexander Gurvitz
> That paragraph from 4.1.4 is just plain wrong and following it will
> lead to cached data that can't be validated once retrieved.
>
> Let's say that all data in the zone has a TTL of 3600.
>
> At T - 3500 you have retrieved the DNSKEY while validating an MX RRset.
> At T - 100 you look up an A re

Re: Single-key rollover

2012-06-18 Thread Mark Andrews
In message , Alexander Gurvitz writes:
> Hello
>
> Is it possible with BIND to perform "Single Type Signing Key rollover"
> as described in chapter 4.1.4 of rfc4641bis-11:
>
> (The idea is to have a zone with a single key instead of a ZSK/KSK pair)
>
> There is a second variety of this rollover,

Single-key rollover

2012-06-18 Thread Alexander Gurvitz
Hello

Is it possible with BIND to perform "Single Type Signing Key rollover" as described in chapter 4.1.4 of rfc4641bis-11:

(The idea is to have a zone with a single key instead of a ZSK/KSK pair)

There is a second variety of this rollover, during which one introduces a new DNSKEY into the key