Migrating automatically signed zones from Bind to Knot DNS is straightforward because Knot DNS can use DNSSEC keys generated by Bind.
rndc flush example.com
Note: If dynamic updates (DDNS) are enabled for the given zone, you might need to freeze the zone before flushing it. That can be done similarly:
rndc freeze example.com
/var/lib/knot
.
example.com.keys in zones storage directory. Then copy all DNSSEC keys (*.key and *.private) from Bind key directory (configured as key-directory) into the newly created one.
file), key directory (option dnssec-keydir), and enable automatic DNSSEC signing (option dnssec-enable).
You can follow this example:
    zones {
      storage "/var/lib/knot";
      example.com {
        dnssec-enable on;
        dnssec-keydir "example.com.keys";
        file "example.com.db";
      }
    }
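The key-copy step described above as a shell function, added here as an illustration and not taken from the Knot DNS documentation: it copies only the K<zone>.+<algorithm>+<keytag> pairs belonging to one zone, refuses a public key that has no matching .private file, and keeps the private keys unreadable to other users. The function name, its arguments and the permission modes are assumptions of this example.

```shell
#!/bin/sh
# Added example: copy one zone's Bind DNSSEC key pairs into a Knot DNS key directory.
# The function name, arguments and modes are assumptions, not part of the original page.

# copy_zone_keys ZONE BIND_KEYDIR KNOT_STORAGE
# Prints the number of key pairs copied; returns non-zero on any problem.
copy_zone_keys() {
    zone=${1%.}            # accept "example.com" or "example.com."
    src=$2                 # Bind key-directory
    dest=$3/$zone.keys     # matches dnssec-keydir "example.com.keys" under storage

    [ -d "$src" ] || { echo "no such key directory: $src" >&2; return 1; }

    (
        umask 077          # never create private key material world-readable
        mkdir -p "$dest" && chmod 700 "$dest" || exit 1
        copied=0
        # Bind names key files K<zone>.+<algorithm>+<keytag>.{key,private}
        for pub in "$src"/K"$zone".+*+*.key; do
            [ -f "$pub" ] || continue          # glob matched nothing
            priv=${pub%.key}.private
            if [ ! -f "$priv" ]; then
                # A public key without its private half cannot be used for signing.
                echo "missing private key for $pub" >&2
                exit 2
            fi
            cp "$pub" "$priv" "$dest"/ || exit 1
            chmod 644 "$dest/${pub##*/}"
            chmod 600 "$dest/${priv##*/}"
            copied=$((copied + 1))
        done
        [ "$copied" -gt 0 ] || { echo "no keys found for $zone in $src" >&2; exit 3; }
        echo "$copied"
    )
}
```

The copied files must end up owned by the account Knot DNS runs as, which depends on the installation.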