The documentation is not 100% clear on how to roll keys over. Am I right with this? Or can someone write up some better documentation than on http://doc.powerdns.com/dnssec-operational-doctrine.html

For ZSK Roll Over:

pdnssec add-zone-key domain.co.nz zsk 2048
pdnssec show-zone domain.co.nz (to find newkey-id)
pdnssec activate-zone-key domain.co.nz <newkey-id>
Send new DS's to upstream (but don't delete the old one)
Wait until the upstream has new DS's
Remove old DS's from upstream (can I do this straight away after the upstream has it, or can I just wait until I want to roll again to delete/deactivate?)
pdnssec deactivate-zone-key domain.co.nz <oldkey-id>
pdnssec remove-zone-key domain.co.nz <oldkey-id>

KSK Roll Over:

pdnssec add-zone-key domain.co.nz ksk 1024
pdnssec show-zone domain.co.nz (to find newkey-id)
pdnssec activate-zone-key domain.co.nz <newkey-id>
pdnssec deactivate-zone-key domain.co.nz <oldkey-id>
pdnssec remove-zone-key domain.co.nz <oldkey-id>

Thanks
Craig