[Freeipa-devel] DNSSEC design page
Simo Sorce
simo at redhat.com
Tue Feb 25 14:29:36 UTC 2014
On Tue, 2014-02-25 at 13:58 +0100, Petr Spacek wrote:
> I'm sorry for not being clear. I don't insist on splitting it to
> multiple
> attributes as long as we are able to reconstruct BIND key files.
>
> "This is just one long string stored in normal idnsZone object." was
> meant as
> "we can re-use DNSKEY records as currently defined".
>
I personally favor using the defined DNSKEY records, as this is future
proof. If the spec changes in future it will have to be backwards
compatible, meaning we will be able to also follow the DNSSEC spec w/o
major changes to our data.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list