[Pdns-users] Automated DNSSEC Keyrollover

Adrian Kägi aka at nts.ch
Thu May 5 07:35:56 UTC 2022

Good day
We use pDNS since a couple of years with a great success in a ISP environment.
For DNSSEC implementation i made a lab Setup like:
- pdns v 4.7.0 - alpha1
- DNS Multimaster Setup
- Mysql Replication master-> slaves

DNSSEC can be enabled with API call and/or pdnsutil. As our registry accept CDS records, we have a comftable way to establish the chain of trust.

Now i like to rollover the ZSK and of course the KSK on a periodical manner.
I am aware of this two howtos:

Is this the only way for a Key Rollover? Sorry, if i am missed out something in the Docs!
With hunderts of DNSSEC Domains, the rollover must be automated.

I cloud not find any tested scripts/howto-do-it-in-reallife for pDNS Rollovers...
How is the pDNS way for a keyrollover in a environment with >100 Domains? ... Life o a Admin... ;)

Thank you very much for your input!
Best regards

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20220505/cf329a4d/attachment.htm>

More information about the Pdns-users mailing list