[Opendnssec-user] Maximum key generation interval on 64-bit systems
Gavin Brown
gavin.brown at centralnic.com
Tue Jul 16 16:03:36 UTC 2013
>> Would keys be reused for new zones if they were previously associated
>> with a different zone? I don't like the idea of that.
>
> Yes (I just tested it with ODS 1.3.9).
>
> Keys will be generated in the HSM and are stored in the kasp.db. In
> kasp.db the active keys are assigned to a certain zone, but the
> "not-yet-active" keys are only assigned to a policy, thus they will also
> be used by zones which were added later, but use the same policy.
That makes sense. I'll bear that in mind if we move into production.
G.
--
Gavin Brown
Chief Technology Officer
CentralNic Ltd
Innovative, Reliable and Flexible Registry Services
for ccTLD, gTLD and private domain name registries
https://www.centralnic.com/
CentralNic Ltd is a company registered in England and Wales with company
number 4985780. Registered Offices: 35-39 Moorgate, London, EC2R 6AR.
More information about the Opendnssec-user
mailing list