[Opendnssec-user] other rollover problem

Mathieu Arnold mat at mat.cc
Thu Jun 16 13:24:47 UTC 2011

+--On 16 juin 2011 13:59:13 +0100 Siôn Lloyd <sion at nominet.org.uk> wrote:
| On 13/06/11 16:23, Mathieu Arnold wrote:
|> So, I went back to the database, and updated the keypairs' policy_id (and
|> the dnsseckeys' retire while I was at it.) and there I was, the enforcer
|> was nice enough to publish new KSK.
|> I guess changing a zone's policy is not something that's done often, and
|> I'm not sure of what should be done to it's keys when it happens, but, it
|> would be nice to be able to have everything just work if it's the case.
| Which version of OpenDNSSEC are you running? I think that this issue is
| fixed in 1.3 (although it went in a commit, 4522, that described other
| code changes, sorry about that).

Still 1.2.1, I'm not brave enough (well, I am, but I lack time) to run
trunk or release candidates.

| I'll do some testing on it to see if it really works and then we can back
| port it into the 1.2 branch.

Great :-)

Mathieu Arnold

More information about the Opendnssec-user mailing list