Just update the nostr.json, that should fix it.
Discussion
Nothing to update, same keypair
He's trying to recover the old keypair, not updating the NIP-05 alias to the new keypair.
Add nvk2 and have it verified on nvk.org, that at least solves the trust issue.
He can sign with his old privkey a statement to verify his new keypair, as he has not lost control of the old key.
Much better than using NIP-05, as that needs trust in lots of systems (DNS hierarchy, webserver security, etc), imo.
Why trust any nip-05 then? It’s a much more visible and user friendly instructor. It would be an appropriate measure to take.
Exactly, NIP-05 should be considered as an alias, not as complete verification.
The identity relies in the keypair, not in the DNS domain.