So I guess my DS record has the same TTL as my default TTL for my records? My default is 8 hours, so if I wait 8 hours after I remove the DS from my parent zone then I should be ok? My parent zone is a TLD(.edu).
-----Original Message----- From: bind-users-bounces+eric=rockefeller....@lists.isc.org [mailto:bind-users-bounces+eric=rockefeller....@lists.isc.org] On Behalf Of Georg Kahest Sent: Tuesday, January 07, 2014 10:12 AM To: bind-users@lists.isc.org Subject: Re: Disable DNSSEC On 01/07/2014 05:01 PM, Eric Davis wrote: > My DNS appliances are not well-suited for this yet, so I want to > disable DNSSEC for my for domain. Anyone know the proper steps to > take and what order if there is any order? I have a DS record in my > parent domain. Do I need to remove that first? Thanks in advance. > > Eric > > > > _______________________________________________ Please visit > https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > bind-users mailing list bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > Yes, first remove the DS from parent zone, then wait for the DS ttl to expire and then you can start removing DNSKEY's from your zone. -- Georg _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
