Changing DNS servers (name only) for a DNSSEC enabled domain

Danilo Godec danilo.godec at agenda.si
Mon Feb 13 15:58:03 UTC 2023


Hello,


In the near future I will have to change NS records for one of my 
domains, as DNS servers currently use an old domain (not mine), that 
will be phased out. DNS servers will actually remain the same, only the 
domain name will change.

So, basically:

  * mydomain currently uses dns1.olddomain, dns2.olddomain,
    dns3.olddomain, ...
  * dns*.olddomain are the same servers as dns*.newdomain
  * mydomain has to change DNS server to dns1.newdomain, dns2.newdomain,
    dns3.newdomain, ...



Since DNSSEC is enabled on mydomain, I've been reading some instructions 
about doing this with DNSSEC and they say:

1. Disable DNSSEC at Registrar
2. Wait 24 hours
3. Disable DNSSEC at Name Server (remove DS-records)
4. Switch name servers
5. Wait 24 hours
6. Re-enable DNSSEC


Is this really necessary in this case, changing only DNS server names? I 
would like to avoid changing DS records at the registrar level as they 
don't provide a 'self-service' interface for managing them, so I have to 
go through their support and that's usually tedious.

If that is necessary, why?


    Thanks, Danilo

PS: If it matters, this is (still) a manually DNSSEC'd domain.


More information about the bind-users mailing list