[Opendnssec-develop] Re: [OpenDNSSEC] #72: The "<ShareKeys/>"
OpenDNSSEC
owner-dnssec-trac at kirei.se
Wed Jan 13 08:32:55 UTC 2010
#72: The "<ShareKeys/>"
------------------------------------+---------------------------------------
Reporter: archi.laurent@… | Owner: rb
Type: enhancement | Status: assigned
Priority: trivial | Component: SoftHSM
Version: trunk | Keywords: <ShareKeys/>
------------------------------------+---------------------------------------
Changes (by rb):
* status: new => assigned
Comment:
Thanks for your comments. I have updated the documentation.
The <!-- and --> are used to mark text as a comment. Remove these and the
tag will be used.
If multiple zones are associated with a policy, the presence of
<ShareKeys/> indicates that a key can be shared between zones. E.g. if you
have 10 zones then you will only use one set of keys instead of 10 sets.
This will same space in your HSM. If this tag is absent, keys are not
shared between zones.
<ManualRollover/> is an optional tag. This tag indicate that the key
rollover will only be initiated on the command by the operator. There is
still a second step for the KSK, where the key needs to be published to
the parent before the rollover is completed. Read more in the chapter
"Running OpenDNSSEC". The ZSK rollover will although be fully automatic if
this tag is not present.
--
Ticket URL: <http://trac.opendnssec.org/ticket/72#comment:1>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC
More information about the Opendnssec-develop
mailing list