Learn How We Can Help You Keep Teleworkers Protected During the COVID-19 Crisis



Migrate DNSSEC-signed zone - Import Keyset feature

[ Edited ]
Posts: 6
2671     0



A question regarding the Import keyset feature for Infoblox DNS


Moving a DNSSEC-signed zone from Bind to Infoblox could include importing existing DNSKEY/KSK from the Bind DNS to sign the zone with existing and new key. As stated in RFC 6781 section - DNSSEC Operational Practices.


However, the Import Keyset feature is not well documented and the support states:


"Please note that you would not be able to import signed zone with the Key that you used in Bind. Once the zone is migrated to Infoblox, you would have to sign the zone once it is imported to Infoblox"


One could of course take the approach to unpublish the existing DS-records, import zone and sign it in Grid and publish the new keys at the Registrar


Anyone with more info regarding the Import Keyset feature?





Re: Migrate DNSSEC-signed zone - Import Keyset feature

Community Manager
Community Manager
Posts: 68
2672     0

Unfortunately it is not possible to import the private keys and the method suggested by support is also what we resort to during PS led migrations.

Showing results for 
Search instead for 
Do you mean 

Recommended for You