How do I rotate DKIM keys without any downtime for my email service? We use a single-server setup with just a DNS client, and the DNS servers are located at the service provider infrastructure. Ispconfig itself does not support key rotation, at least I don't see such an option.
If ISPConfig controls your DNS servers, then ISPConfig copies the DKIM keys to DNS. When DNS servers are located outside of ISPConfig, you need to copy the DKIM key to DNS primary server. I believe ISPConfig does not have automatic key rotation. I'n not convinced it would do any good to create new key unless old private key has somehow been leaked to malicious party.
The need for DKIM key rotation stems from the Data Protection Officer's guidelines. All keys in use are to be changed at least every six months. I need to organize this somehow.
