[Opendnssec-user] other rollover problem
sion at nominet.org.uk
Thu Jun 16 12:59:13 UTC 2011
On 13/06/11 16:23, Mathieu Arnold wrote:
> So, I went back to the database, and updated the keypairs' policy_id (and
> the dnsseckeys' retire while I was at it.) and there I was, the enforcer
> was nice enough to publish new KSK.
> I guess changing a zone's policy is not something that's done often, and
> I'm not sure of what should be done to it's keys when it happens, but, it
> would be nice to be able to have everything just work if it's the case.
Which version of OpenDNSSEC are you running? I think that this issue is
fixed in 1.3 (although it went in a commit, 4522, that described other
code changes, sorry about that).
I'll do some testing on it to see if it really works and then we can
back port it into the 1.2 branch.
More information about the Opendnssec-user