[Pdns-users] DNSSEC Algorithm Rollover Documentation

Klaus Darilion klaus.darilion at nic.at
Tue May 4 20:44:26 UTC 2021

Hi Daniel!

> -----Ursprüngliche Nachricht-----
> Von: Daniel Stirnimann <daniel.stirnimann at switch.ch>
> Gesendet: Montag, 3. Mai 2021 11:27
> An: Klaus Darilion <klaus.darilion at nic.at>; Pdns-
> users at mailman.powerdns.com
> Betreff: Re: [Pdns-users] DNSSEC Algorithm Rollover Documentation
> Hello Klaus,
> The DNSSEC Operational Practices (RFC 6781) documents this in chapter
> 4.1.4 Algorithm Rollovers:
> https://tools.ietf.org/html/rfc6781#section-4.1.4
> The document mentions both a conservative and a liberal approach. 

Thanks - the description of the conservative approach makes clear why the "published" column in PDNS was introduced: I guess active=1 and publish=0 means that RRSIG will be produced but the key itself is not published as DNSKEY.


More information about the Pdns-users mailing list