Re: dnssec-policy change from ZSK/KSK to CSK failed (bogus DNSSEC for zone)

2023-06-02 Thread Sebastian Wiesinger
* Matthijs Mekking [2023-06-02 14:10]:
> Did you wait until the migration was complete? Everything needs to be
> omnipresent after the migration before you can make DNSSEC policy changes
> safely.

Well there was no easy way to tell if migration was complete, there were no indications if the DS

Re: dnssec-policy change from ZSK/KSK to CSK failed (bogus DNSSEC for zone)

2023-06-02 Thread Matthijs Mekking
Hi, On 6/2/23 13:53, Sebastian Wiesinger wrote: Hi, I recently moved from auto-dnssec to dnssec-policy and after the switch I tried to change a zone from an RSA ZSK/KSK to an ECDSA CSK. When I changed the dnssec-policy from rsa to ecdsa-csk the old keys immediately got removed which led to a

dnssec-policy change from ZSK/KSK to CSK failed (bogus DNSSEC for zone)

2023-06-02 Thread Sebastian Wiesinger
Hi, I recently moved from auto-dnssec to dnssec-policy and after the switch I tried to change a zone from an RSA ZSK/KSK to an ECDSA CSK. When I changed the dnssec-policy from rsa to ecdsa-csk the old keys immediately got removed which led to a bogus DNSSEC for the zone. I was expecting a