ZKT Rulla nycklar

1. ZKTRullanycklar Torbjörn Eklöv

2. zkt-keyman

3. “Steg 1” • zkt-keyman -c ./dnssec.conf-1 xn--eklv-7qa.se. • zkt-signer -c ./dnssec.conf -r -N /etc/bind/named.conf

4. dsset dig ds +short xn--eklv-7qa.se. 11400 7 2 19AD0EE1B0198B3BCC30B1B7FF1EABEE79B2D012D5D06423DABC445F 0663D4B0 11400 7 1 3D2B838E7231A7DCC592E79B135685256AA1432E Ny!!

5. Lägguppnycke{ln|larna}

6. Domänhanteraren Hämta de nyanycklarna

7. “Steg 2” • zkt-keyman -c ./dnssec.conf-2 xn--eklv-7qa.se. • zkt-keyman: ksk_rollover (phase2): you have to wait for the propagation of the new KSK (at least 2971sec or 49m31s)

8. zkt-keyman -c dnssec.conf -0 xn--eklv-7qa.se.

9. Kontrollera!

10. Vänta!

11. Testaoch till slut händerdet! Direkt mot .se TLD NS Mot er resolver

12. “Steg 2” • zkt-keyman -c dnssec.conf -2 xn--eklv-7qa.se. • save new ksk in parent file

13. “Steg 3” • zkt-keyman -c dnssec.conf -3 xn--eklv-7qa.se. • zkt-keyman: ksk_rollover (phase3): you have to wait for DS propagation (at least 3856sec or 1h4m16s)

14. zkt-keyman -c dnssec.conf -0 xn--eklv-7qa.se.

15. Nycklar nu

16. Domänhanteraren Ta bortnycklarnaochhämtaigen

17. “Steg 3” • zkt-keyman -c dnssec.conf -3 xn--eklv-7qa.se. • remove parentfile • old ksk renamed

18. Dnscheck

19. Sammanfattning • zkt-keyman -c ./dnssec.conf -1 kommun.se. • zkt-signer -c ./dnssec.conf -r -N /etc/bind/named.conf • Läggupp de nyanycklarna via er registrar ochvänta tills .SE publicerat de/dem ~2 timmar • zkt-keyman -c ./dnssec.conf -2 xn--eklv-7qa.se. • Ta bort de gamlanycklarnaochväntapå .SE • zkt-keyman -c dnssec.conf -3 xn--eklv-7qa.se • Klart!