[Opendnssec-develop] How to migrate a signed zone to OpenDNSSEC

[Antoin Verschuren]

I would say this would be excactly the same as the transfer issue from a different DNS-operator.
Just feed the (signed) zone to opendnssec, and roll the key using the same process as when the zone is transferred, i.e. pre-publish.

Antoin Verschuren

Technical Policy Advisor SIDN
Utrechtseweg 310, PO Box 5022, 6802 EA Arnhem, The Netherlands

P: +31 26 3525500  F: +31 26 3525505  M: +31 6 23368970
mailto:antoin.verschuren at sidn.nl  xmpp:antoin at jabber.sidn.nl  http://www.sidn.nl/


> -----Original Message-----
> From: opendnssec-develop-bounces at lists.opendnssec.org [mailto:opendnssec-
> develop-bounces at lists.opendnssec.org] On Behalf Of Rickard Bellgrim
> Sent: Wednesday, November 11, 2009 3:57 PM
> To: opendnssec-develop at lists.opendnssec.org
> Subject: [Opendnssec-develop] How to migrate a signed zone to OpenDNSSEC
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Hi
> 
> I am writing some text on how to migrate a signed zone to OpenDNSSEC. I
> believe that there are three alternatives.
> 
> 1. Export the keys
> 2. Prepublish DNSKEY record
> 3. Unsign and start fresh
> (4. More alternative?)
> 
> Does anyone of you have a good description on how to do the prepublishing
> method? Where you start signing the zone on a new server. Take the DNSKEY
> records and put them in the old name server. Etc.
> 
> http://trac.opendnssec.org/wiki/Signer/Using/Migrating
> 
> Thanks
> // Rickard
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 9.8.3 (Build 4028)
> Charset: utf-8
> 
> wsBVAwUBSvrQoeCjgaNTdVjaAQjjlwf+KHL62SV8mSl89lxjKdrox/4vOmzMLsAH
> hWEBp2P2mpKOBpDSDQt2ONDxPqGtSYb4PRy2VZTT3or0M3iMcgapGk9rxisMoveK
> gTXQTGLIRaZrNhah+2D7lD9GL/lItMG4mO/WFIRaUN6D6N79IliVngbhBmHTuE2W
> xXeTRV6WKlkybxQlIqkLYvF4L/baF2JHy1gQR27yjtPmmED7Zb9Q2cHdmUotXcV1
> LZg+NBXw1xE/Y6jEpA31NxKDSTGcvEM0itTpYx2tR0dZr/4gwtQ39jVxrTDP+5Tl
> q4SDGnQut13YoMgx/WkcS7A6bMHkEZkV9j57QVgAv2+MUJxWtJWRWg==
> =GnNP
> -----END PGP SIGNATURE-----
> 
>