How do I rotate DKIM keys without any downtime for my email service? We use a single-server setup with just a DNS client, and the DNS servers are located at the service provider infrastructure. Ispconfig itself does not support key rotation, at least I don't see such an option.
If ISPConfig controls your DNS servers, then ISPConfig copies the DKIM keys to DNS. When DNS servers are located outside of ISPConfig, you need to copy the DKIM key to DNS primary server. I believe ISPConfig does not have automatic key rotation. I'n not convinced it would do any good to create new key unless old private key has somehow been leaked to malicious party.
