How to upgrade DNSsec algorithm for domains?
... / How to upgrade DNSsec alg...
BMPCreated with Sketch.BMPZIPCreated with Sketch.ZIPXLSCreated with Sketch.XLSTXTCreated with Sketch.TXTPPTCreated with Sketch.PPTPNGCreated with Sketch.PNGPDFCreated with Sketch.PDFJPGCreated with Sketch.JPGGIFCreated with Sketch.GIFDOCCreated with Sketch.DOC Error Created with Sketch.
Question

How to upgrade DNSsec algorithm for domains?

by
ChristophH
Created on 2021-03-10 09:01:04 (edited on 2024-09-04 14:25:26) in DNS

Hello!

I registered several domains with OVH. Some of them over 10 years ago ;-)

Now I'm in the need to upgrade the DNSsec algorithm for my domains from 7 or 8 to at best 13, since RSASHA1 and RSASHA1-NSEC3-SHA1 are severely wounded.

I'm fearing my MX-servers getting blocked for using such old algorithms. Victor Dukhovni asked OVH for upgrading their old algorithms in 2020-01-10 via Twitter, but got no reaction from OVH-staff :frowning:

What have I to do to get the DNSsec algorithms upgraded? Write a support ticket for each of my domains?

I know a ZSK&KSK-key-rollover isn't an easy job to do, but OVH is DNS-provider for myriads of domains... so they should own a plan or strategy for this!

I guess I'm not the only OVH-customer who uses DNSsec and the domains are signed by old algos, which want's to have a correct DNSsec-setup for their servers.

Cheers from Germany
Christoph.


Replies are currently disabled for this question.