[Pdns-users] Migrate from zsk/ksk/rsa to csk/ecdsa
Oli Schacher
oli.schacher at switch.ch
Thu Aug 2 06:08:20 UTC 2018
On 29.07.18 17:12, Nicola Tiling wrote:
>
> "Publish the CDS records: pdnsutil set-publish-cds example.com, these records will tell the parent zone to update its DS records. Now wait for the DS records to be updated in the parent zone."
>
For CDS/CDNSKEY rollovers the parent zone has to support RFC8078 (
https://tools.ietf.org/html/rfc8078 ) . Currently, .cz is the the only
TLD supporting this mechanism. Other TLDs working on it. To add/update
DS records for a domain in the .net zone you'll have to update it
manually through your registrar's interface.
> If I publish the DS keys for a .net domain, will there be two DS hashes in the .net root zone after the TTL from 86400 runs off? And after that I can switch active/inactive keys? Or should the DS be immediately be found on a.gtld-servers.net? Or what should happen?
After adding the new DS it will eventually be published(I don't know how
often .net is reloaded) and both DS records will be visible after DS TTL
has expired.
Best regards
Oli
More information about the Pdns-users
mailing list