[Dnssec-deployment] SOA serial number changes on resigning thoughts

Robert Edmonds edmonds at isc.org
Thu Feb 3 18:11:44 EST 2011


bert hubert wrote:
> My original thoughts are below. In addition, a 'stateful' solution is of
> course possible where a wholly new serial number is invented.

other than sentimental reasons about encoding a particular meaning in
the SOA serial field, is there any particularly good reason in
attempting to share the SOA serial sequence space between the original
unsigned master and the signed intermediary?  sequence space arithmetic
would let you de-couple the SOA serial when you introduce the signed
intermediary.

-- 
Robert Edmonds
edmonds at isc.org


More information about the Dnssec-deployment mailing list