[Pdns-users] dnssec workflow

mike+lists at yourtownonline.com mike+lists at yourtownonline.com
Mon Jan 14 18:22:22 UTC 2019


    I have been experimenting with dnssec and powerdns. I have a domain
singed, ds records at my registrar, all looks good and it passes tests
on various dnssec validation sites. What Im not clear about however, is
what is the workflow needed for ongoing maintenance? I don't understand
automatic key expiration and whether or if I must care. Also, I don't
see why or if I need to care about having zsk and ksk in my zone; seems
to work without, unless these are pertaining to domains I sub-delegate?
And, if I decide that my existing ds at my registrar has aged
sufficiently, what is the procedure for replacement that keeps my domain
valid thru the rollover?

    Im sorry, it's just that some of these topics are not really covered

Thank you.


More information about the Pdns-users mailing list