[Opendnssec-develop] [OpenDNSSEC] #186: ZSK published/ready before backup -- breaks 2-phase commit

OpenDNSSEC owner-dnssec-trac at kirei.se
Mon Oct 4 07:48:31 UTC 2010

#186: ZSK published/ready before backup -- breaks 2-phase commit
Reporter:  vanrein  |       Owner:  sion    
    Type:  defect   |      Status:  new     
Priority:  major    |   Component:  Enforcer
 Version:  1.1.1    |    Keywords:          
 During today's 2-phase backup procedure, we noticed an unexpected
 situation.  The KASP had generated ZSK and already setup the published and
 ready state, before the key was backed up.  I can see the harmlessness of
 doing this, but it was unexpected and it breaks (our) 2-phase backup
 procedure, which assumes that keys reside in the GENERATED state until
 they have been backed up.

 1. Can you explain why the key already rolled on, and if we can suppress
 that behaviour?
 2. Does your 2-phase backup procedure handle this properly?


Ticket URL: <http://trac.opendnssec.org/ticket/186>
OpenDNSSEC <http://www.opendnssec.org/>

More information about the Opendnssec-develop mailing list