[Opendnssec-user] Re: Key pregeneration in shared-key policies
Sion Lloyd
sion at nominet.org.uk
Mon Sep 13 07:41:00 UTC 2010
On Friday 10 Sep 2010 1:58:54 pm Rick van Rein wrote:
> Hello Sion,
>
> If I try to pregenerate keys on policies with
>
> ods-ksmutil key generate --policy X --interval P30D
>
> then I would expect to see enough keys to last 30 days.
<snip>
> Any light you can shed on this is welcome.

The problem is that if you have no zones then you need no keys; so 0 keys
should last 30 days...

Do you see a message "No zones on policy [POLICY], skipping..."?

There is a simple patch for shared keys, because effectively the number of
zones is always 1. For policies with unshared keys we will have to add an
extra option so that the user can specify a number of zones to generate for...

Does that sound reasonable?

Sion