DNS DHCP IPAM

Reply
Highlighted

Migrate DNSSEC-signed zone - Import Keyset feature

[ Edited ]
FSkur
Techie
Posts: 6
748     0

Hi,

 

A question regarding the Import keyset feature for Infoblox DNS

 

Moving a DNSSEC-signed zone from Bind to Infoblox could include importing existing DNSKEY/KSK from the Bind DNS to sign the zone with existing and new key. As stated in RFC 6781 section 4.3.5.1 - DNSSEC Operational Practices.

 

However, the Import Keyset feature is not well documented and the support states:

 

"Please note that you would not be able to import signed zone with the Key that you used in Bind. Once the zone is migrated to Infoblox, you would have to sign the zone once it is imported to Infoblox"

 

One could of course take the approach to unpublish the existing DS-records, import zone and sign it in Grid and publish the new keys at the Registrar

 

Anyone with more info regarding the Import Keyset feature?

 

Thanks,

Fredrik

Re: Migrate DNSSEC-signed zone - Import Keyset feature

Ingmar
Techie
Posts: 12
749     0

Unfortunately it is not possible to import the private keys and the method suggested by support is also what we resort to during PS led migrations.

Showing results for 
Search instead for 
Do you mean 

Recommended for You