Disable DNSSEC
Eric Davis
eric at mail.rockefeller.edu
Tue Jan 7 16:24:31 UTC 2014
So I guess my DS record has the same TTL as my default TTL for my records? My default is 8 hours, so if I wait 8 hours after I remove the DS from my parent zone then I should be ok? My parent zone is a TLD(.edu).
-----Original Message-----
From: bind-users-bounces+eric=rockefeller.edu at lists.isc.org [mailto:bind-users-bounces+eric=rockefeller.edu at lists.isc.org] On Behalf Of Georg Kahest
Sent: Tuesday, January 07, 2014 10:12 AM
To: bind-users at lists.isc.org
Subject: Re: Disable DNSSEC
On 01/07/2014 05:01 PM, Eric Davis wrote:
> My DNS appliances are not well-suited for this yet, so I want to
> disable DNSSEC for my for domain. Anyone know the proper steps to
> take and what order if there is any order? I have a DS record in my
> parent domain. Do I need to remove that first? Thanks in advance.
>
> Eric
>
>
>
> _______________________________________________ Please visit
> https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> bind-users mailing list bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
Yes, first remove the DS from parent zone, then wait for the DS ttl to expire and then you can start removing DNSKEY's from your zone.
--
Georg
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list