# dnssec: trust anchor



## uisge (Feb 2, 2015)

Hi --

I am interested in making my postfix mailserver secured by DANE, and thus, I am starting to investigate dnssec. After having read some documentation about dnssec, I do have a rudimentary knowledge about it.

But, before installing dns/opendnssec I am left with an unanswered question:_ How often does one need to renew the trust anchor at the parent zone?_

If I do understand the documentation of dns/opendnssec correctly, I will end with an automatic key rollover process, except one *manual* process: uploading the trust anchor to the parent zone.

Thanks in advance


----------

