Seems all Admins are cooking their own soup. ;)
Wouldn't it be nice if there were an open-source "script" for key rollovers?!
Signing a zone is easy, but the proper maintaining seems to be a hassle...
Now I have some holidays, where I can think about a FOSS key rollover project...
Cheers
On Thu. 5.
On 2022-05-05 18:45 +02, Jan-Piet Mens via Pdns-users
wrote:
> I haven't looked recently, but it might well be possible with a judicious use
> of pdnsutil(1) to kick a rollover; create new key, wait, remove old keys.
I have done algorithm rolls for my domains using pdnsutil(1). So it can
be d
Hi Adrian, JP,
On 5/5/22 18:45, Jan-Piet Mens via Pdns-users wrote:
> I haven't looked recently, but it might well be possible with a
> judicious use of
> pdnsutil(1) to kick a rollover; create new key, wait, remove old keys.
Another solution is using the CryptoKeys API[1], you can store the
timi
I don't like to compare pDNS with Bind, but ZSK Rollover is built in since Bind
9.7.
BIND's key rollover "automation" was such that keys had to be created and a
rollover could then be kicked; alternatively timing information in the key
metadata ensured that.
Be that as it may, comparing BIND t
2022 09:36
> To: pdns-users@mailman.powerdns.com
> Subject: [Pdns-users] Automated DNSSEC Keyrollover
>
> Good day
> We have used pDNS for a couple of years with great success in an ISP
> environment.
> For the DNSSEC implementation I made a lab setup like:
> - pdns v 4.7.0 - alpha1
> - DNS M
Good day
We have used pDNS for a couple of years with great success in an ISP environment.
For the DNSSEC implementation I made a lab setup like:
- pdns v 4.7.0 - alpha1
- DNS Multimaster Setup
- MySQL replication master -> slaves
DNSSEC can be enabled with API call and/or pdnsutil. As our registry accep