[Opendnssec-user] KSK Rollover and Key/Policy Change
Scott Armitage
S.P.Armitage at lboro.ac.uk
Thu Jan 27 18:13:35 UTC 2011
During a testing / setup phase I was signing a .eu zone and the KSK was published in the ISC DLV. I have now reached the stage of putting the KSK in the parent nameserver, only to discover they don't support protocol 8. I therefore have to generate a new KSK using protocol 7. To do this, I created a new kasp policy (as other zones share the default) and changed the KSK to protocol 7. However, when I issue a KSK rollover for the zone it doesn't show a new key when I list the keys. I have issued an update-all (and even ods-control stop / start), am I doing something wrong or should a new key appear in the key database?
Scott Armitage
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 203 bytes
Desc: This is a digitally signed message part
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20110127/828cbe6a/attachment.bin>
More information about the Opendnssec-user
mailing list