[Opendnssec-user] Maximum key generation interval on 64-bit systems

Gavin Brown gavin.brown at centralnic.com
Tue Jul 16 16:03:36 UTC 2013


>> Would keys be reused for new zones if they were previously associated
>> with a different zone? I don't like the idea of that.
> 
> Yes (I just tested it with ODS 1.3.9).
> 
> Keys will be generated in the HSM and are stored in the kasp.db. In
> kasp.db the active keys are assigned to a certain zone, but the
> "not-yet-active" keys are only assigned to a policy, thus they will also
> be used by zones which were added later, but use the same policy.

That makes sense. I'll bear that in mind if we move into production.

G.

-- 
Gavin Brown
Chief Technology Officer
CentralNic Ltd
Innovative, Reliable and Flexible Registry Services
for ccTLD, gTLD and private domain name registries
https://www.centralnic.com/

CentralNic Ltd is a company registered in England and Wales with company
number 4985780. Registered Offices: 35-39 Moorgate, London, EC2R 6AR.



More information about the Opendnssec-user mailing list