[Opendnssec-user] Duration key mamagament

Stéphane Diacquenod sdiacque at citic74.fr
Fri Feb 19 13:23:21 UTC 2010


I make some test with OpenDNSSEC and I have some difficulty to configure 
the key rollover.

There is 4 state for a key (Publish, Ready, Active and retire)
Isn't it possible to configure the duration of each state ?
e.g. :
Publish P5D ->Ready P30D->Active P30D ->Retire P30D->DEAD

With the actual configuration how do you make for have one key in each 
state ?
KEY1 : Publish >Ready >Active >Retire >DEAD
KEY2 :                 Publish >Ready >Active >Retire >DEAD
KEY3 :                                 Publish >Ready >Active>Retire >DEAD

I think it's important to always have a key in Ready state for the 
emergency rollover !

Thanks for your answer

Stéphane Diacquenod

More information about the Opendnssec-user mailing list