ZSK rollover weirdness
Evan Hunt
each at isc.org
Fri Sep 6 17:22:26 UTC 2013
> The current ZSK is 44538
>
> ; This is a zone-signing key, keyid 44538, for ksu.edu.
[...]
> ; Revoke: 20131202090000 (Mon Dec 2 03:00:00 2013)
The revoke bit has no defined meaning for a ZSK. It's used for updating
trust anchors via RFC 5011. The code allows you to set it (just as it
allows you to use a ZSK as a KSK), but I don't recommend it.
Unless there are resolvers that have managed-key trust anchors configured
for ksu.edu, you shouldn't bother with the revoke bit for your KSK either.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list