I read several articles regarding algorithm rollover,
including:
* https://www.dns.cam.ac.uk/news/2020-01-15-rollover.html
*
https://downloads.isc.org/isc/bind9/9.16.6/doc/arm/html/advanced.html#dnssec-dynamic-zones-and-automatic-signing
Unfortunat
On 6.4.2022 8:52, Daniel Stirnimann wrote:
Hello Danilo,
A simple schema to change DNSSEC algorithms is as follows:
1. Add new KSK/ZSK and double sign DNSKEY and all zone RRs
with both the new and old algorithm
2. Replace DS at parent
3. Remove old DNSKEY and all RRSIGs from the old algorit
Hi Danilo,
I think the way you have describe should work. But can I ask what source
this recipe has? I have seen recently similar signing in one of our
test. I guess this should be from public recipe. Would you share its
origin, please?
I would recommend having DNS server do the job of maintainin
3 matches
Mail list logo
