[Opendnssec-develop] Enforcer changes

Jakob Schlyter jakob at kirei.se
Mon May 24 07:42:56 UTC 2010

On 11 maj 2010, at 15.39, Sion Lloyd wrote:

> Basically I will move all the timings into the dnsseckeys table from the keypairs table and shake until it works. Then I can look at indexing tables etc... Note that this means v1.2 will need a different database structure and so will not be backwards compatible, does that seem reasonable to everyone?


> One question, should we be able to mark an instance of a key in a zone as compromised without marking other uses of that key? I think that marking one should mark them all (this changes which table the "compromisedflag" column goes in).

yes - if a keypair is compromised, all zones utilizing this keypair are affected.


More information about the Opendnssec-develop mailing list