[Opendnssec-user] Trying to purge a key with "unknown key state"
Paul Wouters
paul at nohats.ca
Thu Jan 10 23:38:24 UTC 2013
On Wed, 9 Jan 2013, Jerry Lundström wrote:
> On 9 jan 2013, at 06:47, Paul Wouters <paul at nohats.ca> wrote:
>
>> It might be useful to not allow different algorithm keys to be
>> associated to a single zone, since algorithm rollover isn't
>> supported yet. And it really upsets the signer daemon so it
>> stops working.
>
> Could you provide step by step (+command line) how you did this and
> version so we can replicate and fix it?
I cannot tell for sure as I did not do it, but I think along the lines
of:
Run a zone with algo 7. Edit default policy and change to algo 8. Run
ods-ksmutil update all. Attempt to initiate a KSK rollover.
Paul
More information about the Opendnssec-user
mailing list