Good day We use pDNS since a couple of years with a great success in a ISP environment. For DNSSEC implementation i made a lab Setup like: - pdns v 4.7.0 - alpha1 - DNS Multimaster Setup - Mysql Replication master-> slaves
DNSSEC can be enabled with API call and/or pdnsutil. As our registry accept CDS records, we have a comftable way to establish the chain of trust. Now i like to rollover the ZSK and of course the KSK on a periodical manner. I am aware of this two howtos: https://doc.powerdns.com/authoritative/guides/zskroll.html https://doc.powerdns.com/authoritative/guides/kskroll.html Is this the only way for a Key Rollover? Sorry, if i am missed out something in the Docs! With hunderts of DNSSEC Domains, the rollover must be automated. I cloud not find any tested scripts/howto-do-it-in-reallife for pDNS Rollovers... How is the pDNS way for a keyrollover in a environment with >100 Domains? ... Life o a Admin... ;) Thank you very much for your input! Best regards Adrian
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
