[Opendnssec-user] Suggestion for migration instructions
Havard Eidnes
he at uninett.no
Sun Mar 21 11:28:32 UTC 2021
Hi,
referring to
https://www.opendnssec.org/migration-from-1-4-to-2-1/
I would like to make the following suggestion.
7. Migration during a key roll (i.e. keys in state publish)
especially KSK, will involve assumptions in the migration,
so if possible perform the migration outside of a key roll
period.
Since it is likely that you will need to perform an OpenDNSSEC
conversion during a planned maintenance window, i.e. at a pre-
determined time, you probably want your KSK rotation schedule to
avoid that maintenance window.
A tip to do that is to increase your KSK <Lifetime> in your
kasp.xml file well in advance of your maintenance window.
This will in all probability avoid you having KSK keys "in
transition" when your planned maintenance window comes around.
BTW, I could not find the source for the above web page anywhere
on github, so did not try to suggest a pull request for this
additional hint, so therefore write here.
Best regards,
- Håvard
More information about the Opendnssec-user
mailing list