Hello, After some unsuccessful search on this forum, I have some question about DNSSEC in ISPConfig3: I took a look into the ISPConfig3 source code and I found renewal of the signed zone but no renewal of the ZSKS and KSK. Did I miss something? I read it is recommended to change them sometimes. For me it is a good thing it is not automated but I would like to be sure If I want to renew keys for a zone, how can I proceed? Because we have to keep old keys some days the time resolvers take new keys in account. Thanks.
They are not renewed automatically. Not sure if we currently have an option to do a rollover to new keys, I don't think so.