Hello Klaus, The DNSSEC Operational Practices (RFC 6781) documents this in chapter 4.1.4 Algorithm Rollovers: https://tools.ietf.org/html/rfc6781#section-4.1.4
The document mentions both a conservative and a liberal approach. You can follow the liberal approach as by now all software handle this case correctly. It has even been done by TLDs. Tony Finch has also documented how to do an algorithm rollover, https://www.dns.cam.ac.uk/news/2020-01-15-rollover.html Daniel On 03.05.21 10:25, Klaus Darilion via Pdns-users wrote: > Hi all! > > Is there somewhere documentation for an algorithm rollover? > > The cryptokeys table recently received the "published" column to "Implement > published and unpublished dnskeys to allow algorith rollovers.": > https://github.com/PowerDNS/pdns/commit/3391829938b4544a59c93c4734532ce2fdc311bf#diff-de175d2b28860458f7c4a143ab82aa94b44e5ac11fc51008fb4ac9b414130f91 > > But I do not find any documentation when to "publish" or "unpublish" a key > during an algorithm rollover. In may case the key handling is completely > outside of PDNS. > > Thanks > Klaus > _______________________________________________ > Pdns-users mailing list > Pdns-users@mailman.powerdns.com > https://mailman.powerdns.com/mailman/listinfo/pdns-users > -- SWITCH Daniel Stirnimann, SWITCH-CERT Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 15, direct +41 44 268 16 24 daniel.stirnim...@switch.ch, www.switch.ch _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
