[Opendnssec-user] Expected behavior when changing zone policy and problem with key generation

Sebastian Wiesinger sebastian at karotte.org
Tue Jul 28 08:38:31 UTC 2015


* Yuri Schaeffer <yuri at nlnetlabs.nl> [2015-07-28 10:03]:
> > Is this expected behavior when changing policies? The keys for
> > policy 'lab' and 'default' have the same algorithms and key
> > lengths.
> 
> Yes it is. Keys are tied to policies.

Hello Yuri, thank you for your answer.

So would it be okay to change timing/ttl parameters in the policy
itself?

> > When adding the zone I noticed that no keys were generated for the 
> > zone:
> 
> OpenDNSSEC pre-generates keys for later use. Likely a formerly
> generated but unused key was still available.

But the keylist was empty (there are no other zones in the zonelist at
the moment) and the zone was not signed at all.

Regards

Sebastian

-- 
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
            -- Terry Pratchett, The Fifth Elephant


