[Opendnssec-user] RE: Enforcer NG alpha-3 snapshot
paul at nohats.ca
Mon Jun 18 17:11:23 UTC 2012
On Mon, 18 Jun 2012, Sara Dickinson wrote:
> The major changes over the alpha-2 snapshot are the implementation of both MySQL and SQLite database backends and support for pre-generation of keys on the HSM. For details see: http://svn.opendnssec.org/tags/OpenDNSSEC-2.0.0a3/NEWS
What do you mean with "Enforcer: Pre-generate keys on the HSM"?
I was already pre-generating keys with an HSM, though experienced that
multiple opendnssec instances with multiple HSMs did not pick the same
key order when rolling the ZSK.
The man page for ods-ksmutil already states:
"If configured to, OpenDNSSEC will automatically create keys when
the need arises. This command can be used to pregenerate keys
(maybe for the expected lifetime of an HSM)"
So I am a little confused what this new option does.
More information about the Opendnssec-user