Hey @weppos, this is gonna lead to lots of downtime and people turning off DNSSEC. It's also bad to train people to make changes like this in response to emails. Surely there's a better way?
-
-
That said, I'm very skeptical that the security value of rotating the KSK every 90 days outweighs the cost to usability and availability when automation is not available. I would suggest not rotating the KSK unless you're the registrar or the registry supports CDS and CDNSKEY.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.