[Opendnssec-user] Key rollover over due
刘硕
shuoleo at 126.com
Thu Jul 19 12:40:50 UTC 2012
Hi Tom,
>I have integrated ods backups in my regular backup scheme, dumping all
>keys every night, and marking them as backed up afterwards. This way,
>you don't need to monitor anything. Very practical, especially when
>you're using shortlived ZSK keys as you seem to do.
It's very useful. A regular backup scheme is helpful, I will think about it.
But how to set the specific rate, do you think backuping keys once per day does not affect normal keyrollover? Can you share your policy configuration with me ?
>But it's not sure from your e-mail that RequireBackup was the actual
>culprit for your issue. If it was, you should find messages in your
>syslog from enforcerd telling you so:
>2012-07-17T07:11:55+02:00 christine ods-enforcerd: ERROR: Trying to make
>non-backed up ZSK active when RequireBackup flag is set
Yes, there are messages just like the above one, that's why I think the backup work matters with keyrollover.
Regards,
Stuart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120719/06ae368b/attachment.htm>
More information about the Opendnssec-user
mailing list