9.16.2 / DNSSEC / DS records

Jukka Pakkanen jukka.pakkanen at qnet.fi
Wed Apr 15 23:21:53 UTC 2020

Updating from 9.14.11 to 9.16.2, and migrating existing signed zones to dnssec-policy, and have couple questions, probably quite trivial...

We have signed zones with different key algorithms, now I want everything under the same ecdsa256 policy.  I guess when the key algorithm changes, example from 8 to 13, we need to update the DS key at the registrar as well?

About the DS keys, where can I find or retrieve them after the zone is automatically resigned by the dnssec-policy, to insert in to Hover.com's zone data?

The Finnish Traficom .fi root service was able to retrieve the new DS records it self, but for Hover need to insert them manually.

Do I need to keep the old DS records at the registrar for some period of time, of can I just swap the information there, without breaking anything?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200415/47ef54ea/attachment.htm>

More information about the bind-users mailing list