Deprecating DNSSEC algorithms 5 (RSASHA1) and 7 (RSASHA1-NSEC3-SHA1)
Viktor Dukhovni
ietf-dane at dukhovni.org
Mon Apr 6 10:50:16 CEST 2020
> On Apr 6, 2020, at 4:45 AM, Hoggins! <fuckspam at wheres5.com> wrote:
>
> Agreed this ML is probably not made for that. I'll look on that side of
> course, but even if it's off-topic, I'm open for suggestions on what
> tools you folks use for automated keys rollover.
I've not looked too closely yet, but BIND 9.16 automates many
aspects of DNS key management, beyond the automatic zone signing
available in earlier versions.
Take a close look at BIND 9.16 documentation, try it out, and share
your impressions...
--
Viktor.
More information about the dane-users
mailing list