Re: signature expiration

2013-04-15 Thread Carlos M. Martinez
If nothing changes, only the SOA serial will be incremented on resign. The signatures don't 'have' to be renewed every 30 days, you can resign as often as you want / need. regards ~Carlos On 4/11/13 9:14 AM, hugo hugoo wrote: > Hello, > > Can anyone tell me why signatures in dnssec must be ren

Re: signature expiration

2013-04-11 Thread Tony Finch
Alan Clegg wrote: > > I use dynamic zones and never concern myself with expired signatures. > You can also use inline signing to remove this "hassle". Yes! > Better solution: Sign them more often. Why not sign them twice a day? > I personally don't think that extending the signature validity p

Re: signature expiration

2013-04-11 Thread Alan Clegg
On Apr 11, 2013, at 8:34 AM, Noel Butler wrote: > Sign them for longer, I typically use 90 days > > On Thu, 2013-04-11 at 12:14 +, hugo hugoo wrote: >> Hello, >> >> Can anyone tell me why signatures in dnssec must be renewed every 30 days? >> What are the modifications made on a zone with

Re: signature expiration

2013-04-11 Thread Tony Finch
hugo hugoo wrote: > Can anyone tell me why signatures in dnssec must be renewed every 30 > days? The limited lifetime of the signatures reduces your exposure to a replay attack. After the signature has expired an attacker cannot fool a victim by giving them the stale data. > What are the modific

Re: signature expiration

2013-04-11 Thread Noel Butler
Sign them for longer, I typically use 90 days On Thu, 2013-04-11 at 12:14 +, hugo hugoo wrote: > Hello, > > Can anyone tell me why signatures in dnssec must be renewed every 30 > days? > What are the modifications made on a zone with a resign? > > Thanks in advance for the clarifications. >

signature expiration

2013-04-11 Thread hugo hugoo
Hello, Can anyone tell me why signatures in dnssec must be renewed every 30 days? What are the modifications made on a zone with a resign? Thanks in advance for the clarifications. Hugo, ___ Please visit https://li