Hi I want to migrate my old original bind generated dnssec zsk/ksk keys to powerdns csk with new ecdsa algorithm.
I’ve created a new inactive key
pdnsutil add-zone-key example.com ksk inactive 256 ECDSAP256SHA25
and can see the inactive csk with "pdnsutil show-zone“ as expected.
But I'm unsure what is the next step. Should I publish the new DS Keys as
described here
https://doc.powerdns.com/authoritative/guides/kskrollcdnskey.html
And/Or what else should be done?
Thankful for any hints
Nicola
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
