Hi Thomas,
It's not clear what the source DNS software is. Is it BIND or Knot DNS?
The keymgr import is the right way. But you have to import full keys
(private and public parts) for a seamless operation.
Daniel
On 1/14/20 12:37 AM, Thomas wrote:
Hi!
I need to import dnskeys (KSKs & ZSKs) from an existing zone to my own
zone. This needs to be done due to a name server change without breaking
the chain of trust according to RFC6781 - Section 4.3.5. "Changing DNS
Operators"
I read in the Knot documentation that manually added dnskeys will be
removed when the zone gets signed:
"Updating the DNSKEY records. The whole DNSKEY set in zone apex is
replaced by the keys from the KASP database. Note that keys added into
the zone file manually will be removed. To add an extra DNSKEY record
into the set, the key must be imported into the KASP database (possibly
deactivated)."
So I need to import these keys into the KASP via the keymgr tool, right?
There is the "keymgr import-pub" method that expects a key in BIND
format. Is that the appropriate method for my task? If so, how do I
convert a DNSKEY Record into a BIND public key file?
Thanks a lot!
Thomas
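
The conversion asked about above, as an added example that is not part of the original thread: a BIND public key file holds the DNSKEY record in presentation format and is named K<zone>+<algorithm>+<keytag>.key, with the key tag computed as in RFC 4034 Appendix B. The sample record is constructed (64 placeholder bytes, not a usable key), and the function names are hypothetical.

```python
import base64

def parse_dnskey(rr: str):
    """Split a one-line DNSKEY record (presentation format) into its fields."""
    tokens = rr.split(";", 1)[0].replace("(", " ").replace(")", " ").split()
    upper = [t.upper() for t in tokens]
    if "DNSKEY" not in upper[1:]:
        raise ValueError("not a DNSKEY record with an owner name")
    i = upper.index("DNSKEY", 1)
    owner = tokens[0].lower()
    if not owner.endswith("."):
        raise ValueError("owner name must be fully qualified")
    if len(tokens) < i + 5:
        raise ValueError("truncated DNSKEY RDATA")
    flags, proto, alg = (int(t) for t in tokens[i + 1:i + 4])
    # The base64 key may be split over several whitespace-separated chunks.
    key = base64.b64decode("".join(tokens[i + 4:]), validate=True)
    return owner, flags, proto, alg, key

def key_tag(flags: int, proto: int, alg: int, key: bytes) -> int:
    """Key tag over the DNSKEY RDATA (RFC 4034 Appendix B)."""
    if alg == 1:
        raise ValueError("algorithm 1 (RSA/MD5) uses a different key tag rule")
    rdata = flags.to_bytes(2, "big") + bytes([proto, alg]) + key
    acc = 0
    for idx, byte in enumerate(rdata):
        acc += byte << 8 if idx % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF  # fold the carry back in
    return acc & 0xFFFF

def to_bind_key_file(rr: str):
    """Return (file name, file content) of the BIND-style public key file."""
    owner, flags, proto, alg, key = parse_dnskey(rr)
    name = f"K{owner}+{alg:03d}+{key_tag(flags, proto, alg, key):05d}.key"
    b64 = base64.b64encode(key).decode()
    return name, f"{owner} IN DNSKEY {flags} {proto} {alg} {b64}\n"

# Constructed sample: KSK flags (257), algorithm 13, placeholder key bytes.
SAMPLE_RR = ("example.com. 3600 IN DNSKEY 257 3 13 "
             + base64.b64encode(bytes(range(64))).decode())

if __name__ == "__main__":
    filename, content = to_bind_key_file(SAMPLE_RR)
    with open(filename, "w") as fh:
        fh.write(content)
    print("wrote", filename)
```

The key tag in the file name should match the key tag of the corresponding DS record at the parent, which is a quick check that the record was copied intact.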