DNSSEC



I'm currently working on setting up DNSSEC for all our zones. I have a question regarding keys. Do you use different ZSK and KSKs for each zone? Or do you use the same keys for all zones? How do you handle the reverse zones since they can be comprised of many different domain names?

If you have:

abc.com
def.com

123.451.234.in-addr.arpa
234.512.341.in-addr.arpa
345.123.451.in-addr.arpa

Do you just sign with one pair of keys for all zones?

---------------------------------------------------------
Gary L. Paveza, Jr.
Technical Specialist - Architecture - HP CSE, SCSA

21st Century Insurance and Financial Services
3 Beaver Valley Road Wilmington Delaware 19803
Phone 302.252.4831




.