{"id":379,"date":"2021-07-23T12:28:47","date_gmt":"2021-07-23T12:28:47","guid":{"rendered":"https:\/\/ssdsunucum.com\/blog\/how-to-rotate-a-dnssec-key\/"},"modified":"2021-07-23T12:28:47","modified_gmt":"2021-07-23T12:28:47","slug":"how-to-rotate-a-dnssec-key","status":"publish","type":"post","link":"https:\/\/ssdsunucum.com\/blog\/how-to-rotate-a-dnssec-key\/","title":{"rendered":"How to Rotate a DNSSEC Key"},"content":{"rendered":"<\/p>\n<div class=\"col-md-9\">\n<div class=\"flex-column flex-md-row article-header\">\n<div id=\"versioned-article-header\">\n<p class=\"valid-version-info\"><em>Valid for versions 86 through the latest version<\/em><\/p>\n<\/div>\n<div id=\"version-select-group\" aria-label=\"select versions\">\n<h4>Version:<\/h4>\n<h4>82<\/h4>\n<h4>84<\/h4>\n<h4>86<\/h4>\n<\/div><\/div>\n<hr>\n<h2 id=\"overview\">Overview<\/h2>\n<p>This document describes how to rotate a domain\u2019s DNS Security Extensions (DNSSEC) keys on a server. You can rotate your domains\u2019 DNSSEC keys regularly to increase your DNS record\u2019s security.<\/p>\n<p>For more information about DNSSEC in cPanel &#038; WHM, read our DNSSEC documentation.<\/p>\n<div class=\"callout callout-warning\">\n<div class=\"callout-heading\">Important:<\/div>\n<div class=\"callout-content\">\n<ul>\n<li>\n<p>We recommend that you rotate your domain\u2019s DNSSEC keys yearly.<\/p>\n<\/li>\n<li>\n<p>The system includes DNSSEC keys in an account\u2019s backup file. You do <strong>not<\/strong> need to create new DNSSEC keys if you transfer the account to another server. For more information, read our Backup Tarball Contents documentation.<\/p>\n<\/li>\n<li>\n<p>For more information about DNSSEC key rotation, we <strong>strongly<\/strong> suggest that you read the RFC 6781 documentation.<\/p>\n<\/li>\n<\/ul><\/div>\n<\/div>\n<h2 id=\"rotate-the-key\">Rotate the key<\/h2>\n<p>(on PowerDNS 4.2)<\/p>\n<p>To rotate a DNSSEC key, perform the following steps:<\/p>\n<ol>\n<li>\n<p>Navigate to cPanel\u2019s <em>Zone Editor<\/em> interface (<em>cPanel<\/em> &gt;&gt; <em>Home<\/em> &gt;&gt; <em>Domains<\/em> &gt;&gt; <em>Zone Editor<\/em>).<\/p>\n<\/li>\n<li>\n<p>For the domain that you wish to manage, click <em>DNSSEC<\/em>. The DNSSEC interface will appear. It will will display a recommendation for when you should rotate this key.<\/p>\n<\/li>\n<li>\n<p>Generate a new DNSSEC key for the domain.<\/p>\n<\/li>\n<li>\n<p>Navigate to your domain registrar and enter the new DNSSEC key information for the domain. <\/p>\n<div class=\"callout callout-info\">\n<div class=\"callout-heading\">Note:<\/div>\n<div class=\"callout-content\">\n        Many registrars provide a Manage DNSSEC option in their domain management portals.  If they do not provide that option, you <strong>must<\/strong> manually add a DS record through their management portal.\n    <\/div>\n<\/div>\n<\/li>\n<li>\n<p>Wait 24 to 48 hours for the DS record to propagate.<\/p>\n<\/li>\n<li>\n<p>Remove the old DNSSEC key information for the domain from the registrar.<\/p>\n<\/li>\n<li>\n<p>Navigate to cPanel\u2019s <em>Zone Editor<\/em> interface (<em>cPanel<\/em> &gt;&gt; <em>Home<\/em> &gt;&gt; <em>Domains<\/em> &gt;&gt; <em>Zone Editor<\/em>) and delete the old DNSSEC key.<\/p>\n<\/li>\n<\/ol><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Valid for versions 86 through the latest version Version: 82 84 86 Overview This document describes how to rotate a domain\u2019s DNS Security Extensions (DNSSEC) keys on a server. You can rotate your domains\u2019 DNSSEC keys regularly to increase your DNS record\u2019s security. For more information about DNSSEC in cPanel &#038; WHM, read our DNSSEC &hellip;<\/p>\n","protected":false},"author":1,"featured_media":380,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/379"}],"collection":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/comments?post=379"}],"version-history":[{"count":0,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/379\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media\/380"}],"wp:attachment":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media?parent=379"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/categories?post=379"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/tags?post=379"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}