[knot-dns-users] Migrate signed zone to knot

Hi, We're preparing to migrate our zones from OpenDNSSEC 1.4 to Knot DNS 3.1 (and eventually the .is zone). We've already migrated one unsigned zone to the new signers, but next on the list is first currently signed zone. We're going to migrate the zone by doing a key rollover, so we'll add DNSKEY records for the new keys to the zone on the old signer and vice versa. While we're migrating the zone we have to stop automatic key rollovers, and I planned to create a new policy 'dnssec_freeze' with `manual: on` and apply it to zones during migration. Am I correct that this will stop all automatic key rolloveres, but keep the signatures updated? The the migration is complete, DS records and delegations have been updated etc., I'll change the policy to an automatic policy. Will knot seamlessly start automatically rolling over keys according to the new policy? .einar