[Opendnssec-user] key management bug / operator error

Siôn Lloyd sion at nominet.org.uk
Tue Jan 17 08:49:53 UTC 2012

On 17/01/12 07:38, Rickard Bellgrim wrote:
>> I guess this is not really a bug, though there is some state mismatch
>> between HSM and opendnssec. Perhaps in a later version with some
>> architecture change, the ksm/ksm could be better integrated so these
>> types of state mismatch would not happen anymore?
> Sion has implemented a "ods-ksmutil key delete" command in trunk which
> will be part of the 1.4 release. The best way is to delete a key using
> the Enforcer, so it also can remove the corresponding state.

Another change in trunk that would have helped here is that key 
generation now tells you how many KSKs and ZSKs will be generated, and 
it gives you the opportunity to quit at that point.


More information about the Opendnssec-user mailing list