[sf-lug] SF-LUG DNSSEC keys (including KSK) rolled over
Michael Paoli
michael.paoli at berkeley.edu
Thu Oct 10 13:39:29 PDT 2024
And, thanks also to Al,
DNSSEC keys (including KSK) have been rolled over on all the SF-LUG
domains:
sf-lug.org sflug.org sf-lug.com sflug.com sf-lug.net sflug.net
Thanks also to ISC.org BIND's dnssec-policy,
ZSKs will now be regularly (about every 30 days) rolled over.
KSK ought be rolled over about yearly. Theoretically, at least in
future, that'll happen and be automated too - notably via RFC 7344.
But alas, though some domains and registrars support RFC 7344, many
don't, at least yet, support it, so until then, that requires some
manual actions to roll over KSK keys.
And with some registrars, even without RFC 7344, quite easy enough.
Other registrars, not so much.
references:
https://dnsviz.net/d/sf-lug.org/Zwgq8g/dnssec/
https://dnsviz.net/d/sf-lug.org/ZvP2JQ/dnssec/
https://dnsviz.net/d/sflug.org/Zwgq-Q/dnssec/
https://dnsviz.net/d/sflug.org/Zvodxw/dnssec/
https://dnsviz.net/d/sf-lug.com/ZwgqqA/dnssec/
https://dnsviz.net/d/sf-lug.com/ZvGgLQ/dnssec/
https://dnsviz.net/d/sflug.com/Zwgqzw/dnssec/
https://dnsviz.net/d/sflug.com/ZvGiWw/dnssec/
https://dnsviz.net/d/sf-lug.net/Zwgq4Q/dnssec/
https://dnsviz.net/d/sf-lug.net/ZvGiNA/dnssec/
https://dnsviz.net/d/sflug.net/Zwgq6A/dnssec/
https://dnsviz.net/d/sflug.net/ZvFnFA/dnssec/
https://www.wiki.balug.org/wiki/doku.php?id=system:registrars
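
Added example, not part of the original post and not SF-LUG's own tooling: the manual part of a KSK rollover is typically getting a DS record for the new KSK to the parent via the registrar, and RFC 7344 lets the child publish that same data as a CDS record instead. This Python code derives the SHA-256 DS from a DNSKEY (RFC 4034) and checks a candidate DS against a key; the key bytes and all function names are constructed for the illustration.

```python
import hashlib
import struct

def name_to_wire(name: str) -> bytes:
    """Canonical (lowercased) DNS wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, algorithm: int, pubkey: bytes) -> bytes:
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, public key."""
    return struct.pack("!HBB", flags, 3, algorithm) + pubkey

def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA, per RFC 4034 Appendix B."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner: str, flags: int, algorithm: int, pubkey: bytes):
    """Return (key_tag, algorithm, digest_type, digest_hex); digest type 2 is SHA-256."""
    rdata = dnskey_rdata(flags, algorithm, pubkey)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), algorithm, 2, digest

def ds_matches(ds, owner: str, flags: int, algorithm: int, pubkey: bytes) -> bool:
    """True only if the key carries the SEP (KSK) flag and ds was derived from it."""
    if not flags & 0x0001:  # a ZSK (flags 256) must never be the DS target
        return False
    tag, alg, dtype, digest = ds
    return (tag, alg, dtype, digest.upper()) == make_ds(owner, flags, algorithm, pubkey)

# Constructed sample keys, NOT real SF-LUG keys: algorithm 13
# (ECDSAP256SHA256) public keys are 64 bytes long.
OLD_KSK = bytes(reversed(range(64)))
NEW_KSK = bytes(range(64))

if __name__ == "__main__":
    ds = make_ds("sf-lug.org.", 257, 13, NEW_KSK)
    print("sf-lug.org. IN DS %d %d %d %s" % ds)
    # After the rollover the DS at the parent must match the new KSK only.
    print("matches new KSK:", ds_matches(ds, "sf-lug.org.", 257, 13, NEW_KSK))
    print("matches old KSK:", ds_matches(ds, "sf-lug.org.", 257, 13, OLD_KSK))
```

The same comparison can be run against the DS set the parent actually serves and the DNSKEY set the zone publishes before the old KSK is withdrawn.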