[Opendnssec-user] enforcer-ng produces suspicious number of ZSKs
Jerry Lundström
jerry at opendnssec.org
Wed Mar 12 05:25:10 UTC 2014
Hi Petr,
On Wed, Mar 12, 2014 at 4:48 AM, Paul Wouters <paul at nohats.ca> wrote:
> On Tue, 11 Mar 2014, Petr Spacek wrote:
>
> generating 1 KSKs of 2048 bits for policy 'default'.
>> generating 5 ZSKs of 1024 bits for policy 'default'.
>>
>
> It generated one year's worth of keys. With a 365D lifetime for KSK,
> that means 1 key. With a 90D ZSK lifetime, that means 5.
>
As Paul pointed out, I think you missed the <AutomaticKeyGenerationPeriod>
option in conf.xml. You will need to lower it if your using the lab policy.
--
Jerry Lundström - OpenDNSSEC Developer
http://www.opendnssec.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140312/6e80ffa7/attachment.htm>
More information about the Opendnssec-user
mailing list