moving DNSSEC to a hidden master

Mark Andrews marka at
Wed Oct 2 01:42:36 UTC 2013

As Alan said copy the .key and .private files over.

Disable updating on the old master.

Transfer the zone contents by setting up as a slave
using "masterfile-format text"; or by using dig.
This will give you the most up to date version of the

	dig axfr zone +onesoa @oldmaster

Check that the new server is working and you can update
the zone by using nsupdate.

Convert the old master server into a slave.

Update the other slaves to talk to a new master.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at
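
Added example, not part of the original message: one way to do the "check that the new server is working" step offline, by comparing saved `dig axfr zone +onesoa` output from the old and new master. It assumes "working" means the new master publishes the same DNSKEY RRset (the copied keys) and an SOA serial that is not behind the old one; the function names, example.test and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Compare two saved AXFR dumps (old master, new master) before cutover.

# DNSKEY RRset, normalized: lowercase owner, TTL dropped, base64 chunks joined.
dnskeys() {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "DNSKEY" {
        out = tolower($1) " " $5 " " $6 " " $7 " "
        for (i = 8; i <= NF; i++) out = out $i
        print out
    }' "$1" | sort
}

# Serial number from the first SOA record in the dump.
soa_serial() {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "SOA" { print $7; exit }' "$1"
}

# Return 0 only if both dumps carry the same DNSKEYs and the new serial
# is not lower. Plain integer compare; serial wraparound is not handled.
check_cutover() {
    old=$1 new=$2
    old_keys=$(dnskeys "$old"); new_keys=$(dnskeys "$new")
    if [ -z "$old_keys" ]; then
        echo "no DNSKEY records in $old"; return 2
    fi
    if [ "$old_keys" != "$new_keys" ]; then
        echo "DNSKEY RRset differs: new master is not using the copied keys"
        return 1
    fi
    os=$(soa_serial "$old"); ns=$(soa_serial "$new")
    if [ -z "$os" ] || [ -z "$ns" ] || [ "$ns" -lt "$os" ]; then
        echo "new master serial '$ns' is behind old master serial '$os'"
        return 1
    fi
    echo "ok: DNSKEYs match, serial $os -> $ns"
}

# Constructed sample dump (not real key material): sample_axfr SERIAL KEYDATA
sample_axfr() {
    cat <<EOF
; <<>> DiG <<>> axfr example.test +onesoa @server
example.test.      3600 IN SOA ns1.example.test. hostmaster.example.test. $1 7200 3600 1209600 3600
example.test.      3600 IN DNSKEY 257 3 8 $2
www.example.test.  3600 IN A 192.0.2.10
EOF
}

# With two dump files as arguments, run the comparison on them.
if [ $# -eq 2 ]; then check_cutover "$1" "$2"; fi
```

A differing DNSKEY set means resolvers validating against the DS record at the parent would fail once slaves pull from the new master, and a lower serial means the slaves will not transfer from it at all.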

