New on RIPE Labs: DNSSEC Algorithm Roll-over
6 Nov
2015
6 Nov
'15
3:18 p.m.
Dear colleagues, Rolling over the algorithm (usually to a stronger variant) used to sign a DNS zone isn't as easy as regular key roll-overs. This is because some DNSSEC validators are less forgiving than others, and fail validation unless the right combination of keys and signatures is present in a zone. This new article on RIPE Labs describes our experiences with DNSSEC algorithm roll-over: https://labs.ripe.net/Members/anandb/dnssec-algorithm-roll-over We hope that our experience will help others who may be considering doing this. Kind regards, Mirjam Kuehne RIPE NCC
3334
Age (days ago)
3334
Last active (days ago)
0 comments
1 participants
participants (1)
-
Mirjam Kuehne