[Opendnssec-develop] EnfNG 2nd Alpha
Yuri Schaeffer
yuri at NLnetLabs.nl
Mon Oct 10 12:36:18 UTC 2011
> Release early, release often! Just say the magic word.
Magic word? hmm...
Go-Go-Gadget-Release?
Changes since first alpha release:
- Support for RollOverType in kasp.xml
- Fixed concurrency related crashes.
- Automatically retract never submitted DS records.
- Schedule the purging of keys.
Alpha 2 introduces the KskRollType, ZskRollType, and CskRollType
elements in kasp.xml for use in the KSK, ZSK and CSK sections.
Valid values are:
[ KskDoubleRRset | KskDoubleDS | KskDoubleSignature |
ZskDoubleSignature | ZskPrePublication | ZskDoubleRRsig |
CskDoubleRRset | CskSingleSignature | CskDoubleDS |
CskDoubleSignature | CskPrePublication ]
These values correspond directly with the rollover types described
in the Internet Draft: draft-mekking-dnsop-dnssec-key-timing-bis-02
The various Rollover Types influence the traffic to your zone and the
speed of a rollover. The enforcer uses them as a strong hint, in
case of a conflict (for example ZskPrePublication is impossible
during a algorithm rollover) these hints are relaxed.
--
Yuri Schaeffer
NLnet Labs
http://www.nlnetlabs.nl
More information about the Opendnssec-develop
mailing list