Infoblox Community
Reply
Highlighted

Migrate DNSSEC-signed zone - Import Keyset feature

[ Edited ]
Techie
Posts: 6
Registered: ‎11-06-2013
FSkur
Techie
Posts: 6

Hi,

 

A question regarding the Import keyset feature for Infoblox DNS

 

Moving a DNSSEC-signed zone from Bind to Infoblox could include importing existing DNSKEY/KSK from the Bind DNS to sign the zone with existing and new key. As stated in RFC 6781 section 4.3.5.1 - DNSSEC Operational Practices.

 

However, the Import Keyset feature is not well documented and the support states:

 

"Please note that you would not be able to import signed zone with the Key that you used in Bind. Once the zone is migrated to Infoblox, you would have to sign the zone once it is imported to Infoblox"

 

One could of course take the approach to unpublish the existing DS-records, import zone and sign it in Grid and publish the new keys at the Registrar

 

Anyone with more info regarding the Import Keyset feature?

 

Thanks,

Fredrik