Seems all Admins are cooking their own soup. ;)
Wouldn't it be nice if there were an open-source "script" for key rollovers?!
Signing a zone is easy, but the proper maintenance seems to be a hassle...
Now I have some holidays, where I can think about a FOSS key rollover project...
Cheers
On Thu. 5.
On 2022-05-05 18:45 +02, Jan-Piet Mens via Pdns-users
wrote:
> I haven't looked recently, but it might well be possible with a judicious use
> of pdnsutil(1) to kick a rollover; create new key, wait, remove old keys.
I have done algorithm rolls for my domains using pdnsutil(1). So it can
be d
Hi Adrian, JP,
On 5/5/22 18:45, Jan-Piet Mens via Pdns-users wrote:
> I haven't looked recently, but it might well be possible with a
> judicious use of
> pdnsutil(1) to kick a rollover; create new key, wait, remove old keys.
Another solution is using the CryptoKeys API[1], you can store the
timi
I don't like to compare pDNS with Bind, but ZSK Rollover is built in since Bind
9.7.
BIND's key rollover "automation" was such that keys had to be created and a
rollover could then be kicked; alternatively timing information in the key
metadata ensured that.
Be that as it may, comparing BIND t
Hi
This really seems to be the complicated part!
~4000 lines of code can be reasons to fail!
I am wondering why there is no "prebuilt" solution for this.
I don't like to compare pDNS with Bind, but ZSK Rollover is built in since Bind
9.7.
... OK, that is only half the story, but does pDNS support auto
Good day
We have been using pDNS for a couple of years with great success in an ISP environment.
For the DNSSEC implementation I made a lab setup like:
- pdns v 4.7.0 - alpha1
- DNS multi-master setup
- MySQL replication master -> slaves
DNSSEC can be enabled with an API call and/or pdnsutil. As our registry accep