DNSSEC with 9.7.2-P2
Phil Mayers
p.mayers at imperial.ac.uk
Fri Nov 12 15:59:35 UTC 2010
On 12/11/10 15:45, Lightner, Jeff wrote:
> For Production (RPM based system) you should use RHEL or CentOS which
> has a much longer life cycle. (Speaking of which, RHEL6 was just put in
I don't agree with your line of reasoning. RHEL may have longer update
cycles, but there's no guarantee a particular RHEL install will be
applying updates in real-time, so the keys in the dnssec-conf package
may still get out of date, or a RHEL install may run after it's 5-year
update cycle ends.
I think the dnssec-conf package should have had a nightly cron job to
refresh these keys, and it was a mistake to deploy without such.
Just my opinion of course.
More information about the bind-users
mailing list