[Opendnssec-user] Changing the <Algorithm> has no effect

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Feb 3 08:44:10 UTC 2010

In want to use SHA-256 for signing so I changed kasp.xml:

                       <!-- Parameters for KSK only -->
                                <Algorithm length="2048">8</Algorithm>

                        <!-- Parameters for ZSK only -->
                                <Algorithm length="1024">8</Algorithm>

and I ran a "ksmutil update all". No error message but, at the next
resigning, everything is still done with algorithm 7. What did I
forget? Should I simply wait for the next key rollover?

More information about the Opendnssec-user mailing list