Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.protocols.dns.bind > #15931

Re: How to prepublish additional DNSKEY

From Tony Finch <dot@dotat.at>
Newsgroups comp.protocols.dns.bind
Subject Re: How to prepublish additional DNSKEY
Date 2020-07-08 16:32 +0100
Message-ID <mailman.647.1594222325.942.bind-users@lists.isc.org> (permalink)
References <3E18C1A0C550C44DA156DA5DA8ECCC6AB622808F@NICS-EXCH2.sbg.nic.at> <alpine.DEB.2.20.2007081628490.9145@grey.csi.cam.ac.uk>

Show all headers | View raw

Klaus Darilion <klaus.darilion@nic.at> wrote:
>
> A signed zone shall be moved to another DNS provider. Hence I want to
> add the public KSK of the gaining DNS provider as additional DNSKEY to
> the zone.

I guess you might already have seen this draft - it discusses long-term
multi-provider setups rather than transitional ones, so it isn't direcly
on point, but it still has some useful ideas.

https://tools.ietf.org/html/draft-ietf-dnsop-multi-provider-dnssec

> So, how is the correct process to add an additional DNSKEY (only the public key is known).

I think you are looking for `dnssec-importkey`.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Viking, North Utsire, South Utsire, Northeast Forties: Northwesterly 4 to 6,
becoming variable 2 to 4 except in South Utsire. Slight or moderate. Showers.
Good.

Back to comp.protocols.dns.bind | Previous | Next | Find similar

Thread

Re: How to prepublish additional DNSKEY Tony Finch <dot@dotat.at> - 2020-07-08 16:32 +0100

csiph-web