[Opendnssec-user] Why do we need standby keys?

Mathieu Arnold mat at mat.cc
Thu Jul 8 09:55:57 UTC 2010

(checking, no, not April 1st)

+--On 8 juillet 2010 11:26:48 +0200 Rickard Bellgrim
<rickard.bellgrim at iis.se> wrote:
| Do you agree that standby keys is out of scope for OpenDNSSEC and is
| something that can be handled by the system administrator and the
| security officer?

Well, I'd rather have the possibility of having the choice, OpenDNSSEC
makes it very easy to handle standby keys. If we wanted to do things
ourselves, we would have stayed with our in house brewed scripts, which
were not working that bad :-)

We have thousands of domains (with only about a hundred signed right now)
and I can't add the weight of having to handle keys manually to my

I do get your point, but nobody forces you to use OpenDNSSEC's standby keys
capabilities :-)

Mathieu Arnold

More information about the Opendnssec-user mailing list