Hi Adrian, JP, On 5/5/22 18:45, Jan-Piet Mens via Pdns-users wrote: > I haven't looked recently, but it might well be possible with a > judicious use of > pdnsutil(1) to kick a rollover; create new key, wait, remove old keys.
Another solution is using the CryptoKeys API[1], you can store the timing information with the program/tool that calls the API (e.g. in a database or on-disk file). If you want to persist this data inside PowerDNS, you could use metadata starting with 'X-'[2,3]. Having an external application saves a _lot_ of complexity inside the nameserver. Cheers, Pieter 1 - https://doc.powerdns.com/authoritative/http-api/cryptokey.html 2 - https://doc.powerdns.com/authoritative/http-api/metadata.html 3 - https://doc.powerdns.com/authoritative/domainmetadata.html#extra-metadata -- Pieter Lexis E: pie...@plexis.eu _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
