[Opendnssec-user] What should happen when you change the policy for a zone

Sion Lloyd sion at nominet.org.uk
Thu Jan 27 11:29:27 UTC 2011

On Wednesday 26 Jan 2011 10:16:39 AM Rickard Bellgrim wrote:
> On 19 jan 2011, at 23.28, Sebastian Castro wrote:
> > Back to the original subject: This test should work or not? Is
> > OpenDNSSEC prepared for a policy change for a zone?
> It should work.
> Sion, could you have a look on this?

Sorry it took me a while to get time to look at this. It should work... Could 
you send me your kasp.db (off-list) and I'll see what is going on.

I suspect that it is stopping the roll because there are no ready keys on the 
new policy, but not promoting any keys because there is a ready key on the 
zone... In other words it might be a consequence of the state of keys on the 
zone at the time that you changed the policy.



More information about the Opendnssec-user mailing list