[Pdns-users] Automated DNSSEC Keyrollover

Adrian Kägi aka at nts.ch
Thu May 5 07:35:56 UTC 2022


Good day
We have been using pDNS for a couple of years with great success in an ISP environment.
For the DNSSEC implementation I made a lab setup like this:
- pdns v 4.7.0 - alpha1
- DNS Multimaster Setup
- MySQL replication master -> slaves

DNSSEC can be enabled with an API call and/or pdnsutil. As our registry accepts CDS records, we have a comfortable way to establish the chain of trust.

Now I would like to roll over the ZSK and of course the KSK on a periodic basis.
I am aware of these two howtos:
https://doc.powerdns.com/authoritative/guides/zskroll.html
https://doc.powerdns.com/authoritative/guides/kskroll.html

Is this the only way to do a key rollover? Sorry if I have missed something in the docs!
With hundreds of DNSSEC domains, the rollover must be automated.

I could not find any tested scripts/howto-do-it-in-real-life for pDNS rollovers...
What is the pDNS way to do a key rollover in an environment with >100 domains? ... Life of an Admin... ;)

Thank you very much for your input!
Best regards
Adrian

 