[Opendnssec-user] Question about <ManualRollover/>

Jake Zack jake.zack at cira.ca
Mon Dec 5 19:38:16 UTC 2016


Should adding the <ManualRollover/> tag to both KSK and ZSK, then running "ods-ksmutil update kasp", change the "Date of next transition" as reported by "ods-ksmutil key list -verbose"?

Does ods-enforcer'd need to be kill -HUP'd to make this change take effect?

Am I right in understanding that keys currently listed for rollover later in the month will in fact not be rolled over so long as the <ManualRollover/> tag is present?

Will the old rollover dates still be listed in the kasp database?  Does this mean that upon removing <ManualRollover/> that enforcerd will immediately roll the keys?

Are there any other negative side effects to using ManualRollover temporarily?

Our use case:

                New TLD coming online as a customer - currently signed
                Need losing provider to publish and sign our DNSKEYs
                ZSK DNSKEY is currently set to expire inside the DNS Operator transition window

Thanks all,
-jake