[Pdns-users] DNSSEC Algorithm Rollover Documentation
Klaus Darilion
klaus.darilion at nic.at
Tue May 4 20:44:26 UTC 2021
Hi Daniel!
> -----Ursprüngliche Nachricht-----
> Von: Daniel Stirnimann <daniel.stirnimann at switch.ch>
> Gesendet: Montag, 3. Mai 2021 11:27
> An: Klaus Darilion <klaus.darilion at nic.at>; Pdns-
> users at mailman.powerdns.com
> Betreff: Re: [Pdns-users] DNSSEC Algorithm Rollover Documentation
>
> Hello Klaus,
>
> The DNSSEC Operational Practices (RFC 6781) documents this in chapter
> 4.1.4 Algorithm Rollovers:
> https://tools.ietf.org/html/rfc6781#section-4.1.4
>
> The document mentions both a conservative and a liberal approach.
Thanks - the description of the conservative approach makes clear why the "published" column in PDNS was introduced: I guess active=1 and publish=0 means that RRSIG will be produced but the key itself is not published as DNSKEY.
regards
Klaus
More information about the Pdns-users
mailing list