moving DNSSEC to a hidden master
marka at isc.org
Wed Oct 2 01:42:36 UTC 2013
As Alan said copy the .key and .private files over.
Disable updating on the old master.
Transfer the zone contents by setting up as a slave
using "masterfile-format text"; or using by using dig.
This will give you the most up to date version of the
dig axfr zone +onesoa @oldmaster
Check that the new server is working and you can update
the zone by using nsupdate.
Convert the old master server into a slave.
Update the other slaves to talk to a new master.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users