[Opendnssec-develop] [OpenDNSSEC] #186: ZSK published/ready before backup -- breaks 2-phase commit

OpenDNSSEC owner-dnssec-trac at kirei.se
Mon Oct 4 09:48:31 CEST 2010


#186: ZSK published/ready before backup -- breaks 2-phase commit
--------------------+-------------------------------------------------------
Reporter:  vanrein  |       Owner:  sion    
    Type:  defect   |      Status:  new     
Priority:  major    |   Component:  Enforcer
 Version:  1.1.1    |    Keywords:          
--------------------+-------------------------------------------------------
 During today's 2-phase backup procedure, we noticed an unexpected
 situation.  The KASP had generated ZSK and already setup the published and
 ready state, before the key was backed up.  I can see the harmlessness of
 doing this, but it was unexpected and it breaks (our) 2-phase backup
 procedure, which assumes that keys reside in the GENERATED state until
 they have been backed up.

 Sion:
 1. Can you explain why the key already rolled on, and if we can suppress
 that behaviour?
 2. Does your 2-phase backup procedure handle this properly?

 Thanks,
  -Rick

-- 
Ticket URL: <http://trac.opendnssec.org/ticket/186>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC


More information about the Opendnssec-develop mailing list