Actions
Task #5813
closedResearch whether DNSSEC with NSEC5 is interesting for us
Start date:
10/11/2018
Due date:
01/18/2019
% Done:
0%
Estimated time:
PM Check date:
01/28/2019
Description
- dnssec-old led to zone walking
- dnssec with nsec3 requires online signing -> private key on dns servers
- dnssec with nsec5 sounds promising, but we need to investigate whether
- bind9 on our servers properly supports it
- there are no other attacks against nsec5
- nsec5 is actually usable within .ch domain
Actions