[dns-operations] Switching DNSSEC uncooperative operator - help, please
James Stevens
james.stevens at jrcs.co.uk
Mon Mar 4 22:33:10 UTC 2019
On 04/03/2019 21:54, Wessels, Duane wrote:
>
>
>> On Mar 4, 2019, at 12:34 PM, James Stevens <james.stevens at jrcs.co.uk> wrote:
>>
>> wait >24 hrs then switch all NS (parent & zone),
>
> It sounds like you swapped out the NS records all at once? Is that a
> requirement?
Yes & no / not really.
> What if you gradually introduce new NS?
Gradually switching NS isn't a problem - I though a sudden switch over
would be better. Happy to give it a go.
>>
>> If I can just get the old provider to carry the new DNSKEYs, it seems to me this would alleviate most of the outage.
>
>
> Any chance you can sneak them in with the RFC 3597 "Unknown" format?
Probably, I'll take a look - I've never heard of it - do you think it
will be a widely supported solution - i.e. will most revolvers support
this solution?
More information about the dns-operations
mailing list