[Pdns-users] Migrate from zsk/ksk/rsa to csk/ecdsa

Nicola Tiling nti at w4w.net
Sun Jul 29 14:17:46 UTC 2018


I want to migrate my old, original BIND-generated DNSSEC ZSK/KSK keys to a PowerDNS CSK with the new ECDSA algorithm.

I’ve created a new inactive key

	pdnsutil add-zone-key example.com ksk inactive 256 ECDSAP256SHA256

and can see the inactive CSK with "pdnsutil show-zone" as expected.

But I'm unsure what the next step is. Should I publish the new DS keys as described here


And/Or what else should be done?

Thankful for any hints
