Hi,

I've got a generic question regarding DNSSEC. What is the proper sequence of steps for going unsigned with a domain that is currently properly signed?

From the OpenDNSSEC course I remember that just removing the DS record from the parent is enough. Just make sure to keep serving the other bits such as RRSIG, DNSKEY etc. Once the TTL for the DS has expired and nobody should have a DS record anymore, then it is safe to stop publishing RRSIGs, DNSKEY etc.

I couldn't find any concise information on this topic...

Many thanks,
Dick

--
Dick Visser
Sr. System & Network Engineer
GÉANT
