[nsd-users] NSD and DNSSEC signature refreshing and ZSK rotation

Paul Wouters paul at nohats.ca
Thu Feb 15 17:26:45 UTC 2018

Previous message (by thread): [nsd-users] NSD and DNSSEC signature refreshing and ZSK rotation
Next message (by thread): [nsd-users] NSD and DNSSEC signature refreshing and ZSK rotation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Feb 15, 2018, at 12:23, Michael A. Peters <mpeters at domblogger.net> wrote:

> ZSK is easy but ZSK should be 1024-bit to keep DNS responses small,

There is no proof this is needed or required.

And strong reasons to not use 1024 RSA anymore. The root ZSK is now 2048 with no issues reported.

Paul

Previous message (by thread): [nsd-users] NSD and DNSSEC signature refreshing and ZSK rotation
Next message (by thread): [nsd-users] NSD and DNSSEC signature refreshing and ZSK rotation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the nsd-users mailing list