Description | This article describes what is the lifetime of the DNSSEC keys. |
Scope | FortiADC, FortiADC-VM. |
Solution |
When enabling DNSSEC, there is secure communication between the FortiADC DNS server and any child DNS servers. It is based on keys contained in delegation signer files (DSSET files).
In DNSSEC deployments, DSSET files are created automatically upon signing the zone through DNSSEC. These DNSSEC keys are perpetual and they never expire.
The DSSET key contains ZSK (Zone Signing Key) and KSK (Key-signing Key). |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.