Forum Discussion

Cirrocumulus

Jul 12, 2017

DNSSEC - Zone Signing and Key Signing Keys

I'm looking into using DNSSEC for our Wide-Ips. I've got the signing working for our UAT records but now I'm more interested in the best practices for the Zone Signing and Key Signing Keys as well a...

BIG-IP DNS

security

Leonardo_Souza

Cirrocumulus

Jul 14, 2017

Have you read this link?

https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-dns-services-implementations-13-0-0/6.html

I don't play with DNSSEC very often, but let me try answer the questions:

What is the function of the rollover period in relation to the expiration period?

Rollover period is when both keys are valid.

What is the best practice value for the rollover period?

The manual talks about 21 days.

What happens once the Expiration Period ends? Will I need to recreate the keys?

You should had already created a second key before that, during the rollover period, so that key should be valid.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

DNSSEC - Zone Signing and Key Signing Keys

Introducing the F5 Application Study Tool (AST)

Displaying Application Study Tool (AST) Dashboards in Your Own Grafana Instance

Recent Discussions

Audit Logging on LTM and GTM

Change Content-Type from application/octet-stream to multipart/form-data

Problem with sending BotDefense logs to remote server

What dose "Accept" do in BIG-IP ASM event logs

OSPF traps on BIG-IP v14

Related Content

AS3 signed rpms

POC: Create and sign a JWT with iRule

APM Cookbook: Single Sign On (SSO) using Kerberos

Configuring BIG-IP for Zone Transfer and DNSSEC

High Performance HMAC Cookie Signing

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS