[Opendnssec-user] Key rollover over due

Tom Hendrikx tom at whyscream.net
Thu Jul 19 07:09:36 UTC 2012


On 7/19/12 7:20 AM, Áõ˶ wrote:
> 
> I made <RequireBackup> valid in conf.xml, maybe I did not backup the
> new ZSK with command so the automatic did not work properly. So do I
> have to monitor the newly auto-created key and make it backup in
> order not to disturb the regular key rollover?
> 

I have integrated ods backups in my regular backup scheme, dumping all
keys every night, and marking them as backed up afterwards. This way,
you don't need to monitor anything. Very practical, especially when
you're using shortlived ZSK keys as you seem to do.

But it's not sure from your e-mail that RequireBackup was the actual
culprit for your issue. If it was, you should find messages in your
syslog from enforcerd telling you so:

2012-07-17T07:11:55+02:00 christine ods-enforcerd: ERROR: Trying to make
non-backed up ZSK active when RequireBackup flag is set

Regards,
	Tom



More information about the Opendnssec-user mailing list