[Opendnssec-user] Problem with KSK manual rollover
Erik P. Ostlyngen
erik.ostlyngen at uninett.no
Mon Mar 10 06:54:14 UTC 2014
On 03/09/2014 04:54 PM, Jakob Schlyter wrote:
> On 7 mar 2014, at 20:02, Erik Østlyngen <erik.ostlyngen at uninett.no>
> wrote:
>
>> <Lifetime>PT4H</Lifetime>
>
> I usually set this to 10 years or so when I expect manual key
> rollover.
My reason for having a 4h key lifetime here is that I wanted to
observe what OpenDNSSec does at the time of key rollover. The question
(which was not so clear in my first message) is whether the
ManualRollover tag prevents OpenDNSSec from initiating an automatic
rollover when the key expires? That is what I expected, but OpenDNSSec
seems to roll the key regardless of the ManualRollover tag. Maybe the
tag has a different purpose than what I thought it had?
Erik Østlyngen
UNINETT Norid
More information about the Opendnssec-user
mailing list