How to prepublish additional DNSKEY
Tony Finch
dot at dotat.at
Wed Jul 8 15:32:29 UTC 2020
Klaus Darilion <klaus.darilion at nic.at> wrote:
>
> A signed zone shall be moved to another DNS provider. Hence I want to
> add the public KSK of the gaining DNS provider as additional DNSKEY to
> the zone.
I guess you might already have seen this draft - it discusses long-term
multi-provider setups rather than transitional ones, so it isn't direcly
on point, but it still has some useful ideas.
https://tools.ietf.org/html/draft-ietf-dnsop-multi-provider-dnssec
> So, how is the correct process to add an additional DNSKEY (only the public key is known).
I think you are looking for `dnssec-importkey`.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Viking, North Utsire, South Utsire, Northeast Forties: Northwesterly 4 to 6,
becoming variable 2 to 4 except in South Utsire. Slight or moderate. Showers.
Good.
More information about the bind-users
mailing list