Hi!

I need to import DNSKEYs (KSKs & ZSKs) from an existing zone to my own zone. This needs to be done due to a name server change without breaking the chain of trust according to RFC 6781, Section 4.3.5, "Changing DNS Operators".

I read in the Knot documentation that manually added DNSKEYs will be removed when the zone gets signed:

"Updating the DNSKEY records. The whole DNSKEY set in zone apex is replaced by the keys from the KASP database. Note that keys added into the zone file manually will be removed. To add an extra DNSKEY record into the set, the key must be imported into the KASP database (possibly deactivated)."

So I need to import these keys into the KASP via the keymgr tool, right? There is the "keymgr import-pub" method that expects a key in BIND format. Is that the appropriate method for my task? If so, how do I convert a DNSKEY record into a BIND public key file?

Thanks a lot!
Thomas
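The conversion asked about above, as an added example that is not part of the original post and not Knot DNS project code. It assumes a BIND public key file is the DNSKEY record in presentation format, stored under the K<owner>+<algorithm>+<key tag>.key naming that BIND's key tools use; the function names are hypothetical and the sample record is a constructed all-zero placeholder, not a usable key.

```python
import base64
import struct

def parse_dnskey(rr_text):
    """Parse one DNSKEY RR in presentation format (TTL/class optional)."""
    # Drop ';' comments and the parentheses used for multi-line records.
    lines = [ln.split(";", 1)[0] for ln in rr_text.splitlines()]
    tokens = " ".join(lines).replace("(", " ").replace(")", " ").split()
    if "DNSKEY" not in tokens[1:]:
        raise ValueError("not a DNSKEY record with an explicit owner name")
    i = tokens.index("DNSKEY", 1)
    owner = tokens[0].lower()
    if not owner.endswith("."):
        raise ValueError("owner name must be fully qualified")
    flags, protocol, algorithm = (int(t) for t in tokens[i + 1:i + 4])
    if protocol != 3:
        raise ValueError("DNSKEY protocol field must be 3")
    key_b64 = "".join(tokens[i + 4:])
    pubkey = base64.b64decode(key_b64, validate=True)
    return owner, flags, protocol, algorithm, key_b64, pubkey

def key_tag(flags, protocol, algorithm, pubkey):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    if algorithm == 1:
        raise ValueError("algorithm 1 uses a different key tag rule")
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + pubkey
    acc = sum(b << 8 if n % 2 == 0 else b for n, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def to_bind_key_file(rr_text):
    """Return (file name, content) in the K<name>+<alg>+<tag>.key layout."""
    owner, flags, protocol, algorithm, key_b64, pubkey = parse_dnskey(rr_text)
    tag = key_tag(flags, protocol, algorithm, pubkey)
    name = f"K{owner}+{algorithm:03d}+{tag:05d}.key"
    content = f"{owner} IN DNSKEY {flags} {protocol} {algorithm} {key_b64}\n"
    return name, content

# Constructed sample: an all-zero 64-byte placeholder, not a usable key.
PLACEHOLDER = base64.b64encode(bytes(64)).decode()
SAMPLE_RR = (f"Example.COM. 3600 IN DNSKEY 257 3 13 (\n"
             f"  {PLACEHOLDER[:44]}\n  {PLACEHOLDER[44:]} ) ; KSK")

if __name__ == "__main__":
    name, content = to_bind_key_file(SAMPLE_RR)
    with open(name, "w") as fh:
        fh.write(content)
    print("wrote", name)
```

Before importing, compare the key tag in the generated file name with the key id that `dig +multi` reports for the same record at the current operator, so that a truncated or mis-copied key is caught before it enters the DNSKEY set.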