[Pdns-users] Rolling Keys Over

Craig Whitmore lennon at orcon.net.nz
Mon Jun 13 03:05:32 UTC 2011


The documentation is not 100% clear on how to roll keys over. Am I right
with this? Or can someone write up some better documentation than on
http://doc.powerdns.com/dnssec-operational-doctrine.html

For ZSK Roll over..

pdnssec add-zone-key domain.co.nz zsk 2048
pdnssec show-zone domain.co.nz (to find newkey-id)
pdnssec activate-zone-key domain.co.nz <newkey-id>
Send new DS's to upstream  (but don't delete the old one)
Wait until the upstream has new DS's
Remove old DS's from upstream (can I do this straight away after the
upstream has it or can I just wait until I want the roll again to
delete/deactivate)
pdnssec deactivate-zone-key domain.co.nz <oldkey-id>
pdnssec remove-zone-key domain.co.nz <oldkey-id>

KSK Roll Over

pdnssec add-zone-key domain.co.nz ksk 1024
pdnssec show-zone domain.co.nz (to find newkey-id)
pdnssec activate-zone-key domain.co.nz <newkey-id>
pdnssec deactivate-zone-key domain.co.nz <oldkey-id>
pdnssec remove-zone-key domain.co.nz <oldkey-id>

Thanks
Craig
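The "wait until the upstream has the new DS" step in the procedure above is the one that is easy to get wrong, so here is an added example (not from the original post or from PowerDNS) of a pre-flight check that compares the DS records the parent actually serves against the DS of the key being retired and the key being introduced, and reports which step may be taken now. It assumes the parent's answer is in standard DS presentation format (as `dig +noall +answer DS domain.co.nz` prints it); the key tags and digests in the sample are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DS:
    keytag: int
    algorithm: int
    digest_type: int
    digest: str


def parse_ds_rrset(text):
    """Parse DS records in presentation format (owner TTL IN DS tag alg dtype digest).
    Non-DS lines (e.g. RRSIGs) are ignored. Returns (set of DS, largest TTL seen);
    the TTL is what a resolver may keep caching the *old* DS set for."""
    records, max_ttl = set(), 0
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[3] != "DS":
            continue
        # dig may break a long digest into several whitespace-separated chunks
        records.add(DS(int(f[4]), int(f[5]), int(f[6]), "".join(f[7:]).lower()))
        max_ttl = max(max_ttl, int(f[1]))
    return records, max_ttl


def rollover_step(parent_text, old_ds, new_ds):
    """Decide which rollover step is safe given what the parent currently serves.
    old_ds / new_ds: DS of the key being retired / introduced (computed locally).
    Returns (advice, seconds to wait before acting on it)."""
    parent, ttl = parse_ds_rrset(parent_text)
    has_old, has_new = old_ds in parent, new_ds in parent
    if has_new and has_old:
        return "new DS published; remove old DS upstream, keep old key active", ttl
    if has_new:
        return "only new DS published; deactivate old key once parent DS TTL has expired", ttl
    if has_old:
        return "new DS not yet published; keep old key active, do not remove it", ttl
    return "no DS for either key at parent: chain of trust broken", 0


# Constructed sample data (key tags and digests are placeholders, not real keys).
OLD_DS = DS(11111, 8, 2, "aa" * 32)
NEW_DS = DS(22222, 8, 2, "bb" * 32)
PARENT_BOTH = (
    "domain.co.nz.\t86400\tIN\tDS\t11111 8 2 " + "aa" * 32 + "\n"
    "domain.co.nz.\t86400\tIN\tDS\t22222 8 2 " + "bb" * 32 + "\n"
    "domain.co.nz.\t86400\tIN\tRRSIG\tDS 8 3 86400 20110701000000 20110601000000 1 nz. placeholder=\n"
)
PARENT_OLD_ONLY = "domain.co.nz.\t86400\tIN\tDS\t11111 8 2 " + "aa" * 32 + "\n"

if __name__ == "__main__":
    print(rollover_step(PARENT_BOTH, OLD_DS, NEW_DS))
    print(rollover_step(PARENT_OLD_ONLY, OLD_DS, NEW_DS))
```

Run it against a live parent by feeding the `dig` output into `rollover_step` and only deactivate the old key when the advice says so and the returned TTL has elapsed.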
