[Opendnssec-user] [centr-tech] Question about OpenDNSSEC and migration to version 2

Paul Wouters paul at nohats.ca
Mon Mar 9 14:56:27 UTC 2020


On Mon, 9 Mar 2020, Berry A.W. van Halderen via Opendnssec-user wrote:

>>> I have a question to those of you who are using OpenDNSSEC for signing
>>> your registry zones. At Norid, we are currently in the process of
>>> testing OpenDNSSEC version 2 with a plan to migrate when we feel
>>> comfortable with that.

The fedora packages of opendnssec-2.x contain hooks to automatically
migrate 1.x to 2.x. This has only been tested to work with freeipa,
which uses relatively small zones and we wouldn't really catch double
signing bugs or anything as long as DNSSEC validation keeps working.

I did have to make small changes to the upstream migration scripts. One
part was storing in the db that migration has already happened. Perhaps
upstream can grab those downstream changes for their next release too :)

Paul


More information about the Opendnssec-user mailing list