Mass transfer with DNSSEC
Hi
We would like to allow our customers to use DNSSEC, but is it correct that we can't use the transfer feature of cpanel anymore without removing the DS record at the registry first?
We used for example the transfer feature of cpanel to migrate from Centos 6 to Centos 7. This worked very well and was an easy task. With DNSSEC enabled in the future, we would need to contact each customer first and ask them to remove the DNSSEC entries at the registry?
We also used the transfer feature before when we had problem with the server hardware. In such a case we can't wait until all customers removed the DS record at the registry. What happens to this customers who don't remove the entry?
Regards
Michael
-
AS FAR AS I KNOW (I'm not 100% sure on this to be honest and it's not totally clear in the docs either) If you run DNS cluster, then you don't have to do anything as the zone is just updated. If you don't run DNS cluster and are transfering to another server - to another DNS zone - then you'd need to remove/add DNSSEC from the registry. 0 -
I just tested it, I transferred an account with dnssec activated to a new server. The new server is not using the dns cluster but has his own nameservers. At the registry I just changed the nameservers and not the dnssec entries. The domain is after the transfer still working and also the test at DNSSEC Analyzer - testname.ch looks still ok. Is this a mistake in the instruction and it's not necessary to disable dnssec at the registry level before you do a transfer? 0 -
@CoolMike - can you let me know which specific instructions you're following so I can check that? 0 -
Thanks for the details. I tested this on my end and confirmed the DNSSEC key is migrated when this work is performed with the Transfer Tool, so I'm going to speak with our documentation team about getting that adjusted. 0
Please sign in to leave a comment.
Comments
5 comments