DNSSEC Best Practices

• Previous message (by thread): DNSSEC Best Practices
• Next message (by thread): DNSSEC Best Practices
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 27, 2021 at 12:34 PM Eric Germann via NANOG <nanog at nanog.org>
wrote:

> Does anyone have a pointer to a good resource for current best practices
> for deployment of DNSSEC, preferably newer than RFC6781?
>
> What algorithms do you typically sign with (RSASHA256, ECDSAP256SHA256,
> both, something other)?
>
> Feel free to little r me off list if you wish
>

Probably best not to deploy it since it does not solve any practical
problems, yet makes huge ddos possible via dns reflection attacks.


> —
> Eric Germann
> ekgermann (at) semperen.com
> LinkedIn: https://www.linkedin.com/in/ericgermann
>
> GPG Fingerprint: 89ED 36B3 515A 211B 6390  60A9 E30D 9B9B 3EBF F1A1
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210427/1402df49/attachment.html>

• Previous message (by thread): DNSSEC Best Practices
• Next message (by thread): DNSSEC Best Practices
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]