search for: nsec3rsasha1

...ntact Godaddy but I suspect I am SOL but thought I would ask here thinking somebody else may have already run into this issue. 2.) Assuming the answer to DNSSEC is no, can I at least have the keys last longer than they do by default. I am presently creating the keys via: > dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE zone > dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE zone It is very unclear to me given the dnssec-keygen man page how to set the date so that I could get 90 days or even more per key. The descriptions I found about constructing rolling keys was even more cryptic to...

...don't know, I use ldns to sign my zone files and upload them to my own authoritative nameserver. > > 2.) Assuming the answer to DNSSEC is no, can I at least have the keys > last longer than they do by default. I am presently creating the keys via: > > > dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE zone > > > dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE zone It's not the keys that are the issue, but the RRSIG record that contains a start and expiration time for the records. If you upload signed zone files to godaddy, make sure to resign once a week o...

...21 23:49:14 dc-cloud named[637]: adjusted limit on open files from 524288 to 1048576 Jul 21 23:49:14 dc-cloud named[637]: found 4 CPUs, using 4 worker threads Jul 21 23:49:14 dc-cloud named[637]: using 4 UDP listeners per interface Jul 21 23:49:14 dc-cloud named[637]: DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448 Jul 21 23:49:14 dc-cloud named[637]: DS algorithms: SHA-1 SHA-256 SHA-384 Jul 21 23:49:14 dc-cloud named[637]: HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512 Jul 21 23:49:14 dc-cloud named[637]...