moving DNSSEC to a hidden master
David Newman
dnewman at networktest.com
Wed Oct 2 00:27:50 UTC 2013
On 10/1/13 2:16 PM, David Newman wrote:
> Is there a recommended order of operations when moving DNSSEC-enabled
> nameservers to a hidden-master setup?
Actually, this is really a more general question: Is there a recommended
order of operations when migrating zones between any two DNSSEC-enabled
nameservers, assuming the same version of bind on each?
thanks
dn
>
> I'm hoping it's just as simple as moving all these files into place on
> the hidden master:
>
> *.key
> *.private
> managed-keys.bind
> *.jbk
> *.jnl
> *.signed
> *.signed.jnl
>
> If not, what do I need to do? In theory I suppose I could crank all TTLs
> down to 0 and generate new keys on the hidden master and generate new DS
> keys for the registrar, but is that necessary?
>
> This is all on bind 9.9.4.
>
> Thanks.
>
> dn
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
More information about the bind-users
mailing list