[Pdns-users] Automated DNSSEC Keyrollover

Adrian Kägi aka at nts.ch
Fri May 6 06:51:04 UTC 2022

Seems all Admins are cooking their own soup. ;)
wouldn't be nice, if there were a opensource "script" for keyrollovers?!
Signing a zone is easy, but the propper maintaining seems to be a hassle...

Now i have some Holidays, where i can think about a FOSS keyrollover Project...


On Thu. 5. May 2022 22:53 CEST, Florian Obser via Pdns-users <pdns-users at mailman.powerdns.com> wrote:
 On 2022-05-05 18:45 +02, Jan-Piet Mens via Pdns-users <pdns-users at mailman.powerdns.com> wrote:
> I haven't looked recently, but it might well be possible with a judicious use of
> pdnsutil(1) to kick a rollover; create new key, wait, remove old keys.

I have done algorithm rolls for my domains using pdnsutil(1). So it can
be done, but it felt like banging rocks together.
It's somewhere on my todo list to write something that uses the api to
automate this. I do hope that someone beats me to it though.

I'm not entirely sure you are real.
Pdns-users mailing list
Pdns-users at mailman.powerdns.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20220506/b7eb438e/attachment.htm>

More information about the Pdns-users mailing list