On Wed, Feb 24, 2021 at 6:57 PM Brian Dickson <brian.peter.dick...@gmail.com>
wrote:

>
> That's not possible. The DS records are on the parent side (TLD) and the
> TTL is set by the TLD per whatever their standard policy is. Same for
> RRSIGs over those DS records.
>

That's fine.  I meant the TTLs of the ZSKs and zone contents.  Switching
from provider A to provider B, the sequence would be
1. Set all TTLs in the zone to zero
2. Wait
3. Copy zone to provider B
4. Add DS for B's keys to the parent
5. Wait
6. Add B's NS to the parent
7. Remove A's NS from the parent
8. Wait
9. Remove DS for A's keys from the parent
10. Set zone TTLs to > 0


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
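
An added example, not part of the original message: a small model of what a validating resolver may still hold in cache during parent-side steps 4 to 9, used to check that every reachable provider always has a matching DS. It assumes each provider signs only with its own keys, that zone data has TTL 0 (step 1) so only the parent's NS and DS sets are cached, and that every "Wait" lasts at least the parent's TTL; the step tuples and function name are hypothetical.

```python
from itertools import product

# Parent-side steps 4-9 from the message, as (op, record type, provider).
MAILED = [("add", "DS", "B"), ("wait",), ("add", "NS", "B"),
          ("del", "NS", "A"), ("wait",), ("del", "DS", "A")]
# Constructed variants that each drop one of the waits.
NO_FIRST_WAIT = [s for i, s in enumerate(MAILED) if i != 1]
NO_SECOND_WAIT = [s for i, s in enumerate(MAILED) if i != 4]


def first_bogus_step(steps):
    """Return the index of the first step after which some resolver could
    reach a provider whose keys have no DS in the DS set that resolver
    holds, or None if the chain of trust holds throughout."""
    current = {"NS": frozenset({"A"}), "DS": frozenset({"A"})}
    # Every version of each RRset a resolver may hold since the last wait.
    cached = {"NS": {current["NS"]}, "DS": {current["DS"]}}
    for i, step in enumerate(steps):
        if step[0] == "wait":
            # Old copies have expired; only the current sets remain.
            cached = {rtype: {current[rtype]} for rtype in current}
            continue
        op, rtype, provider = step
        members = set(current[rtype])
        if op == "add":
            members.add(provider)
        else:
            members.discard(provider)
        current[rtype] = frozenset(members)
        cached[rtype].add(current[rtype])
        # A resolver may pair any cached NS set with any cached DS set.
        for ns_view, ds_view in product(cached["NS"], cached["DS"]):
            if not ns_view <= ds_view:
                return i
    return None


if __name__ == "__main__":
    for name, seq in [("mailed", MAILED), ("no first wait", NO_FIRST_WAIT),
                      ("no second wait", NO_SECOND_WAIT)]:
        print(name, "->", first_bogus_step(seq))
```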
