Seems all Admins are cooking their own soup. ;)
Wouldn't it be nice if there were an open-source "script" for key rollovers?!
Signing a zone is easy, but the proper maintenance seems to be a hassle...
Now I have some holidays, where I can think about a FOSS key rollover project...
Cheers
On Thu. 5.
On 2022-05-05 18:45 +02, Jan-Piet Mens via Pdns-users
wrote:
> I haven't looked recently, but it might well be possible with a judicious
> use of pdnsutil(1) to kick a rollover; create new key, wait, remove old keys.
I have done algorithm rolls for my domains using pdnsutil(1). So it can
be d
Hi Adrian, JP,
On 5/5/22 18:45, Jan-Piet Mens via Pdns-users wrote:
> I haven't looked recently, but it might well be possible with a
> judicious use of
> pdnsutil(1) to kick a rollover; create new key, wait, remove old keys.
Another solution is using the CryptoKeys API[1], you can store the
timi
I don't like to compare pDNS with Bind, but ZSK Rollover is built in since Bind
9.7.
BIND's key rollover "automation" was such that keys had to be created and a
rollover could then be kicked; alternatively timing information in the key
metadata ensured that.
Be that as it may, comparing BIND t
Hi
This really seems to be the complicated part!
~4000 lines of code can be reasons to fail!
I am wondering why there is no "prebuilt" solution for this.
I don't like to compare pDNS with Bind, but ZSK Rollover is built in since Bind
9.7.
... OK, that is only half the story, but does pDNS support auto