[Opendnssec-user] key management bug / operator error
sion at nominet.org.uk
Tue Jan 17 08:49:53 UTC 2012
On 17/01/12 07:38, Rickard Bellgrim wrote:
>> I guess this is not really a bug, though there is some state mismatch
>> between HSM and opendnssec. Perhaps in a later version with some
>> architecture change, the ksm/ksm could be better integrated so these
>> types of state mismatch would not happen anymore?
> Sion has implemented a "ods-ksmutil key delete" command in trunk which
> will be part of the 1.4 release. The best way is to delete a key using
> the Enforcer, so it also can remove the corresponding state.
Another change in trunk that would have helped here is that key
generation now tells you how many KSKs and ZSKs will be generated, and
it gives you the opportunity to quit at that point.
More information about the Opendnssec-user