[Opendnssec-user] What should happen when you change the policy for a zone

Carlos M. Martinez carlos at lacnic.net
Thu Jan 27 11:43:19 UTC 2011


Hi Sion,

I faced similar issues during my testing period of OpenDNSSEC. Could you
provide us with some advice on how to implement a policy change in order
to avoid this issue?

warm regards

Carlos Martinez
LACNIC

On 1/27/11 9:29 AM, Sion Lloyd wrote:
> On Wednesday 26 Jan 2011 10:16:39 AM Rickard Bellgrim wrote:
>> On 19 jan 2011, at 23.28, Sebastian Castro wrote:
>>> Back to the original subject: This test should work or not? Is
>>> OpenDNSSEC prepared for a policy change for a zone?
>> It should work.
>>
>> Sion, could you have a look on this?
> Sorry it took me a while to get time to look at this. It should work... Could 
> you send me your kasp.db (off-list) and I'll see what is going on.
>
> I suspect that it is stopping the roll because there are no ready keys on the 
> new policy, but not promoting any keys because there is a ready key on the 
> zone... In other words it might be a consequence of the state of keys on the 
> zone at the time that you changed the policy.
>
> Cheers,
>
> Sion
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

-- 
Carlos M. Martinez
LACNIC I+D
PGP KeyID 0xD51507A2
Phone: +598-2604-2222 ext. 4419

-------------- next part --------------
A non-text attachment was scrubbed...
Name: carlos.vcf
Type: text/x-vcard
Size: 194 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20110127/756cf212/attachment.vcf>


More information about the Opendnssec-user mailing list