[Opendnssec-user] other rollover problem

Siôn Lloyd sion at nominet.org.uk
Thu Jun 16 12:59:13 UTC 2011


On 13/06/11 16:23, Mathieu Arnold wrote:
> So, I went back to the database, and updated the keypairs' policy_id (and
> the dnsseckeys' retire while I was at it.) and there I was, the enforcer
> was nice enough to publish new KSK.
>
> I guess changing a zone's policy is not something that's done often, and
> I'm not sure of what should be done to it's keys when it happens, but, it
> would be nice to be able to have everything just work if it's the case.
>

Which version of OpenDNSSEC are you running? I think that this issue is 
fixed in 1.3 (although it went in a commit, 4522, that described other 
code changes, sorry about that).

I'll do some testing on it to see if it really works and then we can 
back port it into the 1.2 branch.

Sion



More information about the Opendnssec-user mailing list