Regular Rollover
- The child generates a new key signing key (the key the parental DS points to, marked with -k below) and signs the zone with both the old and the new key.
- Query for the parental DS and remember its TTL; you will need it later.
- dnssec-signzone -k Ksub.tld.+5+12345.key -k Ksub.tld.+5+67890.key (followed by the zone file; the key tags 12345 and 67890 are what the DS records will reference)
- Upload the new key to the parent. The parent will generate a new DS RR for it.
- Check that all parental servers (masters and slaves) have picked up the change, then wait another DS TTL before you remove the old key.
Waiting for "another TTL" is vital: you want to be sure that every cached copy of the DS RR that points to the old key has expired. A resolver that still holds such a DS and then fetches a DNSKEY RRset from which the old key has already been removed cannot link the two, so the chain of trust breaks and your zone may be marked "BAD".
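The following is an added example, not code from the tutorial or from BIND. It models the parent's DS RRset, the child's DNSKEY RRset and a validating resolver's cache on a timeline, and reproduces the failure mode above: the worst-case resolver fetches the old DS one second before all parental servers switch to the new one, and a premature removal of the old key breaks its chain of trust, while waiting one DS TTL after the parent switch does not. The key tags are those from the dnssec-signzone command; the TTLs, timestamps and the shorter DNSKEY TTL are constructed for the illustration.

```python
"""Timing model for the double-signature key rollover described in the slide.

Added example, not part of the original tutorial or of BIND. All names, key
tags, TTLs and timestamps below are constructed for the illustration.
"""
from dataclasses import dataclass, field

DS_TTL = 3600        # TTL of the parental DS RRset (the value step 2 says to note)
DNSKEY_TTL = 300     # TTL of the child's DNSKEY RRset (constructed, deliberately shorter)
OLD_KEY = 12345      # key tag of Ksub.tld.+5+12345.key
NEW_KEY = 67890      # key tag of Ksub.tld.+5+67890.key


@dataclass(frozen=True)
class ZoneState:
    """What the authoritative servers answer at one instant."""
    ds_tags: frozenset        # key tags the parent's DS RRset points to
    dnskey_tags: frozenset    # key tags published in the child's DNSKEY RRset
    signer_tags: frozenset    # -k keys: those whose RRSIG covers the DNSKEY RRset


def zone_state(t, parent_switch_at, old_key_removed_at):
    """Authoritative data at time t for one rollover schedule (constructed).

    t < 0                  : steady state, old key only.
    t >= 0                 : child publishes both keys and signs with both (-k -k).
    t >= parent_switch_at  : every parental server serves the DS for the new key.
    t >= old_key_removed_at: child drops the old key and signs with the new one only.
    """
    ds = frozenset({NEW_KEY}) if t >= parent_switch_at else frozenset({OLD_KEY})
    if t < 0:
        keys = frozenset({OLD_KEY})
    elif t < old_key_removed_at:
        keys = frozenset({OLD_KEY, NEW_KEY})
    else:
        keys = frozenset({NEW_KEY})
    return ZoneState(ds, keys, keys)   # every -k key signs the DNSKEY RRset


@dataclass
class Resolver:
    """Validating resolver that caches each RRset until its TTL runs out."""
    cache: dict = field(default_factory=dict)   # rrtype -> (data, expiry)

    def _lookup(self, rrtype, now, data, ttl):
        hit = self.cache.get(rrtype)
        if hit is None or hit[1] <= now:        # miss or expired: refetch
            hit = (data, now + ttl)
            self.cache[rrtype] = hit
        return hit[0]

    def chain_is_secure(self, now, zone):
        ds = self._lookup("DS", now, zone.ds_tags, DS_TTL)
        keys, signers = self._lookup("DNSKEY", now,
                                     (zone.dnskey_tags, zone.signer_tags), DNSKEY_TTL)
        # The chain holds when some key the (possibly cached) DS points to is
        # still published in the child AND has signed the DNSKEY RRset.
        return bool(ds & keys & signers)


def earliest_safe_removal(parent_switch_at, ds_ttl=DS_TTL):
    """Step 4: once every parental server serves the new DS, wait one more
    DS TTL so no cache can still hold a DS pointing at the old key."""
    return parent_switch_at + ds_ttl


def broken_probes(old_key_removed_at, parent_switch_at=1000, first_query_at=999,
                  probes=(1500, 2500, 4500, 4599, 4600, 6000)):
    """Return the probe times at which a resolver that first validated the zone
    at first_query_at (worst case: one second before the parent switched, so it
    caches the old DS for a full DS_TTL) sees a broken chain of trust."""
    r = Resolver()
    r.chain_is_secure(first_query_at,
                      zone_state(first_query_at, parent_switch_at, old_key_removed_at))
    return [t for t in probes
            if not r.chain_is_secure(t, zone_state(t, parent_switch_at, old_key_removed_at))]


if __name__ == "__main__":
    print("old key removed at 2000, chain broken at:", broken_probes(2000))
    safe = earliest_safe_removal(1000)
    print("old key removed at", safe, ", chain broken at:", broken_probes(safe))
```

The resolver that cached the old DS just before the switch keeps it until t = 999 + 3600 = 4599; every DNSKEY refetch it does after the old key is gone, and before that DS expires, fails validation. Removing the old key at 1000 + DS_TTL = 4600 leaves no such window, which is the "another TTL" of the slide. A resolver that first looked the zone up after the parent switch (first_query_at=1001) never sees a problem, so the breakage is invisible from the child's own vantage point and has to be reasoned about from the DS TTL rather than observed.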