[dns-operations] Switching DNSSEC uncooperative operator - help, please
Wessels, Duane
dwessels at verisign.com
Mon Mar 4 21:54:41 UTC 2019
> On Mar 4, 2019, at 12:34 PM, James Stevens <james.stevens at jrcs.co.uk> wrote:
>
> wait >24 hrs then switch all NS (parent & zone),
It sounds like you swapped out the NS records all at once? Is that a requirement? What if you gradually introduce new NS?
>
> If I can just get the old provider to carry the new DNSKEYs, it seems to me this would alleviate most of the outage.
Any chance you can sneak them in with the RFC 3597 "Unknown" format?
DW
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3039 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190304/992c5cf2/attachment.bin>
More information about the dns-operations
mailing list