ZKT: Rolling keys
Torbjörn Eklöv
zkt-keyman
“Step 1”
• zkt-keyman -c ./dnssec.conf -1 xn--eklv-7qa.se.
• zkt-signer -c ./dnssec.conf -r -N /etc/bind/named.conf
dsset
dig ds +short xn--eklv-7qa.se.
11400 7 2 19AD0EE1B0198B3BCC30B1B7FF1EABEE79B2D012D5D06423DABC445F 0663D4B0
11400 7 1 3D2B838E7231A7DCC592E79B135685256AA1432E
New!!
Upload the key(s)
Domänhanteraren (the domain manager)
Fetch the new keys
“Step 2”
• zkt-keyman -c ./dnssec.conf -2 xn--eklv-7qa.se.
• zkt-keyman: ksk_rollover (phase2): you have to wait for the propagation of the new KSK (at least 2971sec or 49m31s)
zkt-keyman -c dnssec.conf -0 xn--eklv-7qa.se.
Check!
Wait!
Test, and eventually it happens!
Directly against the .se TLD name servers
Against your resolver
“Step 2”
• zkt-keyman -c dnssec.conf -2 xn--eklv-7qa.se.
• save new ksk in parent file
“Step 3”
• zkt-keyman -c dnssec.conf -3 xn--eklv-7qa.se.
• zkt-keyman: ksk_rollover (phase3): you have to wait for DS propagation (at least 3856sec or 1h4m16s)
zkt-keyman -c dnssec.conf -0 xn--eklv-7qa.se.
Keys now
Domänhanteraren (the domain manager)
Remove the keys and fetch again
“Step 3”
• zkt-keyman -c dnssec.conf -3 xn--eklv-7qa.se.
• remove parentfile
• old ksk renamed
Dnscheck
Summary
1. zkt-keyman -c ./dnssec.conf -1 kommun.se.
2. zkt-signer -c ./dnssec.conf -r -N /etc/bind/named.conf
3. Upload the new keys via your registrar and wait until .SE has published it/them (~2 hours)
4. zkt-keyman -c ./dnssec.conf -2 xn--eklv-7qa.se.
5. Remove the old keys and wait for .SE
6. zkt-keyman -c dnssec.conf -3 xn--eklv-7qa.se
7. Done!
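The check, wait and test slides, and the waits on .SE in the summary, come down to comparing the DS records in the dsset file with what `dig ds +short` returns. The following is an added example, not from the slides or the ZKT project, that does that comparison; the function names, the key tag 54321 and its digest are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): report which DS records from a dsset
# file are not yet returned by "dig ds +short". Function names are hypothetical.

# Print one canonical "tag alg type DIGEST" line per DS record read from stdin.
# Accepts zone-file form ("name. [ttl] IN DS tag alg type DIGEST ...") and
# dig +short form ("tag alg type DIGEST ..."); split digest chunks are joined.
normalize_ds() {
    awk '
        /^[ \t]*(;|$)/ { next }                  # skip comments and blank lines
        {
            start = 1
            for (i = 1; i <= NF; i++) if ($i == "DS") start = i + 1
            if (NF < start + 3) next             # not a complete DS record
            digest = ""
            for (i = start + 3; i <= NF; i++) digest = digest $i
            print $start, $(start + 1), $(start + 2), toupper(digest)
        }' | LC_ALL=C sort -u
}

# ds_missing EXPECTED_FILE PUBLISHED_FILE
# Prints expected records that are not published; returns 0 only if none are.
ds_missing() {
    exp=$(mktemp) && pub=$(mktemp) || return 2
    normalize_ds < "$1" > "$exp"
    normalize_ds < "$2" > "$pub"
    missing=$(LC_ALL=C comm -23 "$exp" "$pub")
    rm -f "$exp" "$pub"
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Sample data. The key tag 11400 values are the ones in the dig output on the
# slide; the zone-file wrapping and the key tag 54321 record (standing in for
# the new KSK) are constructed.
SAMPLE_DSSET='xn--eklv-7qa.se. IN DS 11400 7 1 3D2B838E7231A7DCC592E79B135685256AA1432E
xn--eklv-7qa.se. IN DS 11400 7 2 19AD0EE1B0198B3BCC30B1B7FF1EABEE79B2D012D5D06423DABC445F 0663D4B0
xn--eklv-7qa.se. IN DS 54321 7 2 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF'
SAMPLE_DIG='11400 7 2 19AD0EE1B0198B3BCC30B1B7FF1EABEE79B2D012D5D06423DABC445F 0663D4B0
11400 7 1 3D2B838E7231A7DCC592E79B135685256AA1432E'

# Live use (assumes dig is installed; the dsset path is a placeholder):
#   dig ds +short xn--eklv-7qa.se. > published.txt
#   ds_missing path/to/dsset-file published.txt && echo "DS set published"
```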