[Opendnssec-user] Migration to 2.0.1
Fred.Zwarts
F.Zwarts at KVI.nl
Tue Aug 9 12:52:17 UTC 2016
Today I tried to migrate from ods 1.4.10 to 2.0.1 on our test system.
After the migration of the database and after adding the keytags I started
ods the new ods and it seems to run.
The first thing I noticed is that there are now some keys in the state
"waiting for ds-gone". I have the impression that these are our backup KSK
keys. Is this normal? I found that there is now a command "ods-enforcer key
ds-gone". This brings the keys to the state "retire". What is the idea
behind this?
I further noticed that "ods-enforcer key list" lists the keys in a different
order. Previously, all keys of a domain were listed together. Now I do not
immediately see how they are sorted. It makes it a bit more difficult to see
the state of a zone, but it can be easily worked around with the --zone
option.
Then I see that the output from "ods-enforcer backup list -v" is very
different from what previously was shown with "ods-ksmutil backup list -v".
The latter listed the backups with a date/time, but now I see a list of
hexadecimal numbers. What does it mean?
Thanks for your attention,
Fred.Zwarts.
More information about the Opendnssec-user
mailing list