BIND9 DNSSEC algorithm rollover for inline-signed zone
sebastian at karotte.org
Thu Oct 6 20:57:13 UTC 2016
is there a guide for an algorithm rollover with BIND9 for an
inline-signed zone? I want to roll from RSA to ECDSA but I'm unable to
find a good guide for it. I already looked at the ISC DNSSEC Guide but
it doesn't seem to cover that the RRSIGs made by the new keys need to
be published before the DNSKEYs themselves are published in the zone.
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
More information about the bind-users