DNSSEC with 9.7.2-P2

Phil Mayers p.mayers at imperial.ac.uk
Fri Nov 12 15:59:35 UTC 2010

On 12/11/10 15:45, Lightner, Jeff wrote:

> For Production (RPM based system) you should use RHEL or CentOS which
> has a much longer life cycle.  (Speaking of which, RHEL6 was just put in

I don't agree with your line of reasoning. RHEL may have longer update 
cycles, but there's no guarantee a particular RHEL install will be 
applying updates in real-time, so the keys in the dnssec-conf package 
may still get out of date, or a RHEL install may run after it's 5-year 
update cycle ends.

I think the dnssec-conf package should have had a nightly cron job to 
refresh these keys, and it was a mistake to deploy without such.

Just my opinion of course.

More information about the bind-users mailing list