[Opendnssec-develop] Another day, another database change...

sion at nominet.org.uk sion at nominet.org.uk
Thu Aug 13 15:27:42 UTC 2009

Hi there,

I've got another change to the enforcer database (svn r1614), like
yesterdays it is trivial and I have provided a migration script so run:

sqlite3 <PATH_TO_ENFORCER.DB> < enforcer/utils/migrate_090813_1.sqlite3

(You will also need to run yesterdays script if you have not already; or
nuke your database with ksmutil setup.) Unlike yesterday this one is needed
to run the latest communicated and possibly ksmutil [setup|update] (it
depends on your conf.xml).

This commit adds a check for keys being backed up and warns or throws an
error depending on how your repository is set up.

If you use the migration script then RequireBackup will be set to "true" by
default for any existing repositories; run ksmutil update to sync your db
with your conf.xml if this is not what you want.

So the new messages are:

ERROR: Trying to make non-backed up [KSK|ZSK] active when RequireBackup
flag is set
Signconf not written for [ZONE]


WARNING: Making non-backed up [KSK|ZSK] active, PLEASE make sure that you
know the potential problems of using keys which are not recoverable


More information about the Opendnssec-develop mailing list