Hello, I’m wanting to go ahead and look at migrating to dnssec-policy for my zones. I currently use “auto-dnssec maintain” and “inline-signing yes”. I also have a “stack” of ZSKs I made that all nicely overlap with their various date settings. I think I made these out to sometime in 2024.
In addition to all the info here: https://kb.isc.org/docs/dnssec-key-and-signing-policy Do I need to / should I do something to this stack of keys ? I was thinking maybe take the most “current” key, and remove his expiration etc. Then (after a backup of course), delete the other future keys ? In other words, I can’t imagine I’d want to mix the “old way” of managing these / rollovers with the new. Hopefully this makes sense. Thanks for any guidance or insight. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
