[Opendnssec-user] Policy rollover fails

Rickard Bellgrim rickard at opendnssec.org
Wed Dec 21 13:38:30 UTC 2011


> With a bit of patience I can get all keys rolled over and back to valid keys.
> I wouldn't advise anyone to do this in a production environment, but it is possible
> to get out of this situation by using normal ODS commands.

The command "ods-ksmutil key rollover --policy uvtonly --keytype ksk"
will perform a KSK key rollover on all of the zones attached to that
policy.

But you are talking about doing a policy rollover, switching from one
policy to another. That would be done by changing the policy in the
zonelist.xml.

The key states indicate that you are using standby keys, which is not
supported in the current version.

// Rickard


