[Opendnssec-develop] [OpenDNSSEC] #186: ZSK published/ready before backup -- breaks 2-phase commit
OpenDNSSEC
owner-dnssec-trac at kirei.se
Mon Oct 4 07:48:31 UTC 2010
#186: ZSK published/ready before backup -- breaks 2-phase commit
--------------------+-------------------------------------------------------
Reporter: vanrein | Owner: sion
Type: defect | Status: new
Priority: major | Component: Enforcer
Version: 1.1.1 | Keywords:
--------------------+-------------------------------------------------------
During today's 2-phase backup procedure, we noticed an unexpected
situation. The KASP had generated ZSK and already setup the published and
ready state, before the key was backed up. I can see the harmlessness of
doing this, but it was unexpected and it breaks (our) 2-phase backup
procedure, which assumes that keys reside in the GENERATED state until
they have been backed up.
Sion:
1. Can you explain why the key already rolled on, and if we can suppress
that behaviour?
2. Does your 2-phase backup procedure handle this properly?
Thanks,
-Rick
--
Ticket URL: <http://trac.opendnssec.org/ticket/186>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC
More information about the Opendnssec-develop
mailing list