moving DNSSEC to a hidden master
David Newman
dnewman at networktest.com
Tue Oct 1 21:16:11 UTC 2013
Is there a recommended order of operations when moving DNSSEC-enabled
nameservers to a hidden-master setup?
I'm hoping it's just as simple as moving all these files into place on
the hidden master:
*.key
*.private
managed-keys.bind
*.jbk
*.jnl
*.signed
*.signed.jnl
If not, what do I need to do? In theory I suppose I could crank all TTLs
down to 0 and generate new keys on the hidden master and generate new DS
keys for the registrar, but is that necessary?
This is all on bind 9.9.4.
Thanks.
dn
More information about the bind-users
mailing list