[Opendnssec-user] Problems triggered by a zone removal in ODS 1.3.8.
Siôn Lloyd
sion at nominet.org.uk
Thu May 24 14:36:33 UTC 2012
On 24/05/12 14:42, Sander Smeenk wrote:
> Quoting Göran Bengtson (goeran at chalmers.se):
>
>> 2 This is serious. Immediately after the ods-ksmutil update command
>> is given ODS gets seriously confused about the keys in ANOTHER,
>> remaining zone. A new ZSK key is generated, and the active ZSK
>> dissapears (is not used anymore). ods-ksmutil key list
>> only show the KSK key and the newly generated ZSK key (in publish
>> state).
> This is (almost?) exactly what happend in my setup yesterday.
>
>
I think that I have found out what is going on; if you delete a zone
that is on a policy that does not share keys the wrong keys can be deleted.
I'm just checking my fix; but for now if your policy does not share keys
then I'd advise you not to delete zones.
Sion
More information about the Opendnssec-user
mailing list