Hi "Publish the CDS records: pdnsutil set-publish-cds example.com, these records will tell the parent zone to update its DS records. Now wait for the DS records to be updated in the parent zone."
If I publish the DS keys for a .net domain, will there be two DS hashes in the .net root zone after the TTL from 86400 runs off? And after that I can switch active/inactive keys? Or should the DS be immediately be found on a.gtld-servers.net? Or what should happen? > Hi > > I want to migrate my old original bind generated dnssec zsk/ksk keys to > powerdns csk with new ecdsa algorithm. > > I’ve created a new inactive key > > pdnsutil add-zone-key example.com ksk inactive 256 ECDSAP256SHA25 > > and can see the inactive csk with "pdnsutil show-zone“ as expected. > > But I'm unsure what is the next step. Should I publish the new DS Keys as > described here > > https://doc.powerdns.com/authoritative/guides/kskrollcdnskey.html > > And/Or what else should be done? > > Thankful for any hints > Nicola > > >
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
