[Opendnssec-user] What should happen when you change the policy for a zone
Sion Lloyd
sion at nominet.org.uk
Thu Jan 27 11:29:27 UTC 2011
On Wednesday 26 Jan 2011 10:16:39 AM Rickard Bellgrim wrote:
> On 19 jan 2011, at 23.28, Sebastian Castro wrote:
> > Back to the original subject: This test should work or not? Is
> > OpenDNSSEC prepared for a policy change for a zone?
>
> It should work.
>
> Sion, could you have a look on this?
Sorry it took me a while to get time to look at this. It should work... Could
you send me your kasp.db (off-list) and I'll see what is going on.
I suspect that it is stopping the roll because there are no ready keys on the
new policy, but not promoting any keys because there is a ready key on the
zone... In other words it might be a consequence of the state of keys on the
zone at the time that you changed the policy.
Cheers,
Sion
More information about the Opendnssec-user
mailing list