I got the ZSK/KSK around the wrong way (I was a little tired), and found it already activates the new key when it is added, so the activate is not needed as on the webpage? Does this look all right now? I noticed when you secure a domain it adds an unactivated ZSK which I could roll to in the first instance?
Maybe I should do a lot more reading about this.. or

ZSK Roll over..

  pdnssec show-zone domain.co.nz (find oldkey-id)
  pdnssec add-zone-key domain.co.nz zsk 1024
  pdnssec deactivate-zone-key domain.co.nz <oldkey-id>
  pdnssec remove-zone-key domain.co.nz <oldkey-id>

KSK Roll Over

  pdnssec show-zone domain.co.nz (to find oldkey-id)
  pdnssec add-zone-key domain.co.nz ksk 2048
  Send new DS's to upstream (but don't delete the old one)
  Wait until the upstream has new DS's in their DNS.
  Remove old DS's from upstream
  pdnssec deactivate-zone-key domain.co.nz <oldkey-id>
  pdnssec remove-zone-key domain.co.nz <oldkey-id>

I found the slave does not update at all, so I also have to increase the serial number on the roll overs as well or the slave does not update..

Comments?

Thanks
Craig
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
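
Added example, not part of the original post or of PowerDNS: one way to check the "wait until the upstream has new DS's" step of the KSK roll over is to compute the key tag (RFC 4034 Appendix B) and SHA-256 DS digest (RFC 4509) of the new KSK yourself and compare them with the DS records the parent serves. The function names, the key material and the parent DS tuples are constructed for illustration; fetching the DS set from the parent is left out so the example runs offline.

```python
import base64
import hashlib
import struct

def wire_name(name):
    """Encode a domain name in canonical (lowercase) DNS wire format."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """Build DNSKEY RDATA: flags (2 bytes), protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag as defined in RFC 4034 Appendix B."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += b << 8 if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_sha256(owner, rdata):
    """DS digest type 2: SHA-256 over owner name (wire format) + DNSKEY RDATA."""
    return hashlib.sha256(wire_name(owner) + rdata).hexdigest()

def new_ds_published(owner, rdata, parent_ds):
    """True if the parent's DS set contains the SHA-256 DS of this DNSKEY.

    parent_ds: (key_tag, algorithm, digest_type, hex_digest) tuples as
    returned by the parent zone's name servers.
    """
    want = (key_tag(rdata), rdata[3], 2, ds_sha256(owner, rdata))
    return any((t, a, d, h.replace(" ", "").lower()) == want
               for t, a, d, h in parent_ds)

if __name__ == "__main__":
    zone = "domain.co.nz"
    # Constructed key material, not a real key.
    new_ksk = dnskey_rdata(257, 3, 8, base64.b64encode(b"constructed-new-ksk").decode())
    old_only = [(11111, 8, 2, "ab" * 32)]  # constructed: parent still has only the old DS
    both = old_only + [(key_tag(new_ksk), 8, 2, ds_sha256(zone, new_ksk).upper())]
    for label, ds_set in (("before upload", old_only), ("after upload", both)):
        ok = new_ds_published(zone, new_ksk, ds_set)
        print(label, "-> safe to retire old KSK" if ok else "-> keep waiting")
```
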