DNSSEC Key File (DNSSEC Sign Zone dialog -> Create/Edit button)
Simple DNS Plus v. 5.2 Copyright © 1999-2011 JH Software ApS
This dialog is used to create/maintain a DNSSEC key file.
• Key sets: A list of DNSSEC key sets. A zone that is signed using this key file will be signed with each of the key sets listed here. Click the Add/Edit buttons to create/maintain individual key sets in the DNSSEC Key Set dialog.
• Encrypt private keys for key sets: Specify which private keys should be encrypted: None, All, or KSK only. Specify a password by clicking the Password button. You will be prompted for the password when signing a zone and one of the encrypted private keys is needed. Note: Encrypting only the KSK key sets makes it possible to re-sign a zone without the password as long as none of the key sets are changed/added/removed. For example, an assistant could re-sign the zone as needed when records are changed, but adding, removing, or updating any key set would require a manager who knows the password.
• NSEC3: When checked, NSEC3 records will be used instead of NSEC records. See DNSSEC for details.
• Salt length: Length of the random salt value used in the calculation of NSEC3 record names.
• Iterations: The number of times NSEC3 record names are hashed. Note that while using multiple iterations increases security, it also puts additional load on the DNS server serving the zone, because the server has to calculate this for every single DNS request for non-existing records.
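How the Salt length and Iterations settings enter the NSEC3 record-name calculation, as an added example that is not part of Simple DNS Plus or its documentation. It follows the RFC 5155 procedure with SHA-1 (NSEC3 hash algorithm 1), where the iterations value counts the hash rounds performed after the first one; the function names are hypothetical, and the sample zone name, salt and iteration count are the test values from RFC 5155 Appendix A.

```python
import base64
import hashlib
import secrets

# Maps the standard base32 alphabet to base32hex (RFC 4648), which NSEC3 uses.
_B32_TO_B32HEX = bytes.maketrans(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
    b"0123456789ABCDEFGHIJKLMNOPQRSTUV",
)


def wire_name(name: str) -> bytes:
    """Canonical (lowercase) DNS wire format of a fully qualified name."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            raw = label.encode("ascii")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"  # root label terminates the name


def nsec3_hash(name: str, salt: bytes, iterations: int) -> str:
    """Hashed owner label: H(name || salt), then `iterations` extra rounds."""
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32_TO_B32HEX).decode().lower()


def new_salt(length: int) -> bytes:
    """Random salt of the configured length (hypothetical helper)."""
    return secrets.token_bytes(length)


def sha1_calls_per_name(iterations: int) -> int:
    """Hash operations the server performs for each name it has to hash."""
    return iterations + 1


if __name__ == "__main__":
    salt = bytes.fromhex("aabbccdd")  # RFC 5155 Appendix A sample salt
    print(nsec3_hash("example", salt, 12) + ".example.")
    print("SHA-1 calls per hashed name:", sha1_calls_per_name(12))
    print("fresh 8-byte salt:", new_salt(8).hex())
```

The per-name cost grows linearly with the iterations value, which is the server load the Iterations setting trades against.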