<html>Good day<br />We use pDNS since a couple of years with a great success in a ISP environment.<br />For DNSSEC implementation i made a lab Setup like:<br />- pdns v 4.7.0 - alpha1<br />- DNS Multimaster Setup<br />- Mysql Replication master-> slaves<br /><br />DNSSEC can be enabled with API call and/or pdnsutil. As our registry accept CDS records, we have a comftable way to establish the chain of trust.<br /><br />Now i like to rollover the ZSK and of course the KSK on a periodical manner.<br />I am aware of this two howtos:<br />https://doc.powerdns.com/authoritative/guides/zskroll.html<br />https://doc.powerdns.com/authoritative/guides/kskroll.html<br /><br />Is this the only way for a Key Rollover? Sorry, if i am missed out something in the Docs!<br />With hunderts of DNSSEC Domains, the rollover must be automated.<br /><br />I cloud not find any tested scripts/howto-do-it-in-reallife for pDNS Rollovers...<br />How is the pDNS way for a keyrollover in a environment with >100 Domains? ... Life o a Admin... ;)<br /><br />Thank you very much for your input!<br />Best regards<br />Adrian<br /><br /> </html>