KSAP - How to manually rollover keys documentation?

[Eddie Rowe]

I appreciate your email.  I thought that was the process but the older version of the ARM I was using (matches my version) didn't have that nice section.  So I will need to be sure to look in the current document when scratching my head as someone is making some nice additions and improvements to the documentation!
________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Nick Tait via bind-users <bind-users at lists.isc.org>
Sent: Friday, September 29, 2023 5:01 PM
To: bind-users at lists.isc.org <bind-users at lists.isc.org>
Subject: Re: KSAP - How to manually rollover keys documentation?

On 28/09/23 10:02, Eddie Rowe wrote:
I am using the nifty feature of the KASP in 9.16.23, but I cannot seem to locate documentation on how to manually rollover keys in case this is needed in the future. The documentation is excellent as far as discussing the steps involved for the manual or semi-automatic but I am not seeing the steps and tools you would use to rollover manually when using the KASP feature.  Am I overlooking another document or KB article on this topic?

Hi Eddie.

I wonder if the information you're looking for is here: https://bind9.readthedocs.io/en/latest/chapter5.html#key-rollover

Specifically the following sentence:

To roll a key sooner than scheduled, or to roll a key that has an unlimited lifetime, use: rndc dnssec -rollover -key 12345 dnssec.example.<https://bind9.readthedocs.io/en/latest/manpages.html#cmdoption-rndc-arg-dnssec>.

Nick.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20231002/14e63de9/attachment.htm>