Changes between Version 5 and Version 6 of LargeScaleDNSSECBCP

Show
Ignore:
Timestamp:
07/09/12 08:58:50 (11 months ago)
Author:
peter
Comment:

soa-edit

Legend:

Unmodified
Added
Removed
Modified

  • LargeScaleDNSSECBCP

    v5 v6  
    4141   AXFR a signed zone, but not perform DNSSEC processing on it. This goes for PowerDNS 2.9.x 
    4242 
    43  * Key rollovers. PowerDNS automatically renews the RRSIGs (the signatures for your DNS data), so you don't need to do anything. There are documents which tell you to roll your DNS keys frequently, although it is now believed such automatic rolling is not required. In any case, if you are doing a large scale migration, it is advised to initially not roll keys until the dust has settled. 
     43 * Key rollovers. PowerDNS automatically renews the RRSIGs (the signatures for your DNS data), so you don't need to do anything (but look at SOA-EDIT if you have non-PowerDNS AXFR slaves). There are documents which tell you to roll your DNS keys frequently, although it is now believed such automatic rolling is not required. In any case, if you are doing a large scale migration, it is advised to initially not roll keys until the dust has settled. 
    4444 
    4545== Generic DNSSEC related ==