[nsd-users] NSD and DNSSEC signature refreshing and ZSK rotation

Paul Wouters paul at nohats.ca
Thu Feb 15 17:26:45 UTC 2018

> On Feb 15, 2018, at 12:23, Michael A. Peters <mpeters at domblogger.net> wrote:

> ZSK is easy but ZSK should be 1024-bit to keep DNS responses small,

There is no proof this is needed or required.

And strong reasons to not use 1024 RSA anymore. The root ZSK is now 2048 with no issues reported.


More information about the nsd-users mailing list