On 2022-05-05 18:45 +02, Jan-Piet Mens via Pdns-users
wrote:
> I haven't looked recently, but it might well be possible with a judicious use
> of
> pdnsutil(1) to kick a rollover; create new key, wait, remove old keys.
I have done algorithm rolls for my domains using pdnsutil(1). So it can
be
Hi Adrian, JP,
On 5/5/22 18:45, Jan-Piet Mens via Pdns-users wrote:
> I haven't looked recently, but it might well be possible with a
> judicious use of
> pdnsutil(1) to kick a rollover; create new key, wait, remove old keys.
Another solution is using the CryptoKeys API[1], you can store the
I don't like to compare pDNS with Bind, but ZSK Rollover is built in since Bind
9.7.
BIND's key rollover "automation" was such that keys had to be created and a
rollover could then be kicked; alternatively timing information in the key
metadata ensured that.
Be that as it may, comparing BIND
Hi
This seems really to be complicated part!
~4000 Lines of code can be reasons to fail!
I am wondering, why there is no "prebuild" solution for this.
I don't like to compare pDNS with Bind, but ZSK Rollover is built in since Bind
9.7.
... Ok, is only the half story, but does pDNS support
Good day
We use pDNS since a couple of years with a great success in a ISP environment.
For DNSSEC implementation i made a lab Setup like:
- pdns v 4.7.0 - alpha1
- DNS Multimaster Setup
- Mysql Replication master-> slaves
DNSSEC can be enabled with API call and/or pdnsutil. As our registry