Step 7: switch the DS record

Written by Roland van Rijswijk in category: Architecture, Procedures, Technical

The purpose of this step is to switch the DS for the zone to point to the KSK of the destination signer. The situation at the end of this step is shown in the diagram below:

To reach this situation, the following sub-steps need to be taken:

  1. Contact the parent zone (registry) to submit the new DS and to retract the old DS (some registries may allow you to do this in one interaction, others will have different policies for handling this situation)
  2. Wait for the new DS to appear in the parent zone
  3. Wait for the old DS to disappear from the parent zone
  4. Wait TTL(DS) to allow the DS exchange to propagate to caches

