[Opendnssec-user] Force a fast key rollover
Klaus Darilion
klaus.mailinglists at pernau.at
Fri Jun 28 08:09:13 UTC 2013
On 28.06.2013 01:53, Sebastian Castro wrote:
> On 28/06/13 03:15, Klaus Darilion wrote:
>> Hi!
>
> Hi!,
>
>>
>> When initiating a key rollover, OpenDNSSEC does not immediately use the
>> new key, but uses the PUBLISH state (at least for ksk) for some time
>> before activating the key (before "waiting for DS"),
>>
>> How can I force ODS to immediately activate a new KSK and ZSK, without
>> these "pre-activate" phases?
>
> Do you have a use case for that? Unless is the first publication of a
> signed zone, you don't want to skip the PUBLISH phase.
In my case it is for testing, to speed up roll overs.
btw: is there somewhere a description of the possible key states and how
a key is used depending on its key state? I can't find it.
Thanks
Klaus
More information about the Opendnssec-user
mailing list