[Opendnssec-user] Problem with KSK manual rollover
Jerry Lundström
jerry at opendnssec.org
Mon Mar 10 08:37:34 UTC 2014
Hi Erik,
On 10 mar 2014, at 08:52, "Erik P. Ostlyngen" <erik.ostlyngen at uninett.no> wrote:
> I understand. We'll use a 10 years or longer lifetime then. What
> confused me is that OpenDNSSec created a new key and published it in
> my zonefile, waiting for me to complete the rollover by issuing a
> ds-seen command. This looks very similar to the automatic KSK rollover
> (which also stops waiting for me to issue a ds-seen command). This
> makes me wonder what difference the ManualRollover tag makes.
Ah, I see now why you might be confused.
ManualRollover is the default behavior of KSK; there is no automatic
because that would break your zone. Adding <ManualRollover> does not change
anything for the KSK.
--
Jerry Lundström - OpenDNSSEC Developer
http://www.opendnssec.org/