[Opendnssec-user] RE: Enforcer NG alpha-3 snapshot

Paul Wouters paul at nohats.ca
Mon Jun 18 17:11:23 UTC 2012

On Mon, 18 Jun 2012, Sara Dickinson wrote:

Hi Sara,

> The major changes over the alpha-2 snapshot are the implementation of both MySQL and SQLite database backends and support for pre-generation of keys on the HSM. For details see: http://svn.opendnssec.org/tags/OpenDNSSEC-2.0.0a3/NEWS

What do you mean with "Enforcer: Pre-generate keys on the HSM"?

I was already pre-generating keys with an HSM, though experienced that
multiple opendnssec instances with multiple HSMs did not pick the same
key order when rolling the ZSK.

The man page for ods-ksmutil already states:

 	"If configured to, OpenDNSSEC will automatically create keys when
 	the  need  arises.  This command can be used to pregenerate keys
 	(maybe for the expected lifetime of an HSM)"

So I am a little confused what this new option does.



More information about the Opendnssec-user mailing list