[Opendnssec-user] KSK Rollover and Key/Policy Change

Scott Armitage S.P.Armitage at lboro.ac.uk
Thu Jan 27 18:13:35 UTC 2011

During a testing / setup phase I was signing a .eu zone and the KSK was published in the ISC DLV.  I have now reached the stage of putting the KSK in the parent nameserver, only to discover they don't support protocol 8.  I therefore have to generate a new KSK using protocol 7.  To do this, I created a new kasp policy (as other zones share the default) and changed the KSK to protocol 7.  However, when I issue a KSK rollover for the zone it doesn't show a new key when I list the keys.  I have issued an update-all (and even ods-control stop / start), am I doing something wrong or should a new key appear in the key database?

Scott Armitage

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 203 bytes
Desc: This is a digitally signed message part
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20110127/828cbe6a/attachment.bin>

More information about the Opendnssec-user mailing list