moving DNSSEC to a hidden master

Sten Carlsen stenc at
Wed Oct 2 01:04:38 UTC 2013

On 02/10/13 02.47, Alan Clegg wrote:
> On Oct 1, 2013, at 8:27 PM, David Newman <dnewman at> wrote:
>> On 10/1/13 2:16 PM, David Newman wrote:
>>> Is there a recommended order of operations when moving DNSSEC-enabled
>>> nameservers to a hidden-master setup?
>> Actually, this is really a more general question: Is there a recommended
>> order of operations when migrating zones between any two DNSSEC-enabled
>> nameservers, assuming the same version of bind on each?
> Eh... I'm not sure what the complexity here is.
> Set the "new" machine up as a slave, use the standard axfr mechanism to replicate the zones, move the keying material and then convert the new system form slave to master while taking the existing master off-line.
> What am I missing?
I believe that was the question, what is missing here - if anything.
Seems too easy, there has to be a catch.
Anything to do to catch up on internal states, How to be sure the new
master will continue exactly as the old one had done. Maybe it is that
simple, that would be great, but if you are not sure, it is a good
question to ask.
> AlanC
> _______________________________________________
> Please visit to unsubscribe from this list
> bind-users mailing list
> bind-users at

Best regards

Sten Carlsen

No improvements come from shouting:


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list