[Opendnssec-user] *WARNING* message

Fredrik Pettai pettai at nordu.net
Fri Jan 6 09:57:10 UTC 2012


On Jan 6, 2012, at 9:43 AM, Siôn Lloyd wrote:
> On 05/01/12 12:56, Fredrik Pettai wrote:
>> Ok, I'm not 100% sure how I should interpret this warning:
>> 
>> # ods-ksmutil key rollover --zone eduid.se --keytype ZSK
>> SQLite database set to: /var/opendnssec/kasp.db
>> *WARNING* This zone shares keys with others, all instances of the active key on this zone will be retired; are you sure? [y/N] N
>> Okay, quitting...
>> 
>> Isn't it just one instance of the active (ZSK) key for my zone? Does it mean that the other zones using the same key will continue as normal? Maybe this warning message could be written in a better way.
> 
> The message is confusing, I'll reword it.
> 
> What it means is that every zone that shares this key will be rolled. (The fact that the rollover command is being used to force a roll is taken as an indicator that this key is no longer trusted.)

Ok, thanks for clarifying!

/P


More information about the Opendnssec-user mailing list