[Opendnssec-user] Re: Key rollover over due

Jerry Lundström jerry at opendnssec.org
Mon Jul 23 06:40:28 UTC 2012

Hi Fred,

On Fri, Jul 20, 2012 at 1:19 PM, Fred Zwarts (KVI) <F.Zwarts at kvi.nl> wrote:
> What does that mean exactly? Will OpenDNSSEC continue to sign the zone with
> the old key until the backup notification is done, or will it stop signing
> the zone, because the old key is retiring and the new key is not yet ready?

For what I know, if the Signer have received a key to sign the zone
with it will continue to do that. Key management is handled by the
Enforcer and it will not use a new key until you back it up if that
repository is marked with RequireBackup.


More information about the Opendnssec-user mailing list