[Opendnssec-develop] Key necromancy?
Siôn Lloyd
sion at nominet.org.uk
Wed Sep 7 14:39:50 UTC 2011
On 07/09/11 14:47, Jakob Schlyter wrote:
> During the training, the following events could be observed:
>
> - Add a new zone
> - Add keys (broken keys, so student changes his mind)
> - Remove zone to start over. Keys gone.
> - Add zone again
> - Import new keys (old keys gone, new set of keys looking good)
>
> ... wait a while ...
>
> - Old keys suddenly resurrected and associated with zone.
>
>
> oops?
>
Certainly seems like an oops.

Is this all within the enforcer (we are not looking at old copies of
signconf)?

Currently we do not delete keys that are in the generate state, the
theory being that they have never been published and so should be good
for use with another zone. Is it these keys that are coming back?

Sion