dnssec-signzone ZSK smooth rollover (!5285) · Merge requests · ISC Open Source Projects / BIND

Matthijs Mekking requested to merge 1551-dnssec-signzone-prepublish-zsk-support into main Jul 20, 2021

When signing with a ZSK, check if it has a predecessor. If so, and if the predecessor key is sane (same algorithm, key id matches predecessor value, is zsk), check if the RRset is signed with this key. If so, skip signing with this successor key. Otherwise, do sign with the successor key.

Closes #1551 (closed)

Edited Aug 11, 2021 by Matthijs Mekking

dnssec-signzone ZSK smooth rollover

Merge request reports