DNSSEC Key Rolling

Discussion in 'Installation/Configuration' started by speedracer05, Apr 23, 2017.

  1. speedracer05

    speedracer05 New Member

    Hello,
    Can you tell me how you handle the key rolling of DNSSEC zones so they don't expire? Do you do the key rolling via a cronjob? Or, do you not do key rolling and users need to install something like rollerd or setup BIND with auto-dnssec maintain?

    Thank you!
     
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    It's been a bit since I looked at this, but that is automated via a cronjob; it seems like the KSK had a quite long expiration, enough that I mentally categorized it as, "oh, well no need to worry about that."

    Note that ISPConfig's DNSSEC does not currently support mirrored dns servers, and will be / is being rewritten to accommodate that. I don't know the status of that offhand, and I don't expect it will change the "keys are rolled via cronjob," but I suppose it could, and will certainly change the details of what happens.
     
  3. speedracer05

    speedracer05 New Member

    Thanks for the quick response. It's nice to know that the DNSSEC mirroring will be supported in the future.
    Thanks!
     

Share This Page