[Opendnssec-user] Problem with KSK manual rollover

Jerry Lundström jerry at opendnssec.org
Mon Mar 10 07:25:35 UTC 2014


Hi Erik,

On 10 mar 2014, at 07:54, "Erik P. Ostlyngen" <erik.ostlyngen at uninett.no>
wrote:



My reason for having a 4h key lifetime here is that I wanted to
observe what OpenDNSSec does at the time of key rollover. The question
(which was not so clear in my first message) is whether the
ManualRollover tag prevents OpenDNSSec from initiating an automatic
rollover when the key expires? That is what I expected, but OpenDNSSec
seems to roll the key regardless of the ManualRollover tag. Maybe the
tag has a different purpose than what I thought it had?


>From what you said in your previous email everything is working as it
should. It did not roll the KSK but it prepared a new KSK for you to roll
to since you have 4h lifetime. If you don't wish to have that behavior you
need to set a lifetime like 10-100 years.

/Jerry

-- 
Jerry Lundström - OpenDNSSEC Developer
http://www.opendnssec.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140310/ce384851/attachment.htm>


More information about the Opendnssec-user mailing list