[Opendnssec-user] moving zone from lab to default

Yuri Schaeffer yuri at nlnetlabs.nl
Thu Mar 31 08:25:52 UTC 2016


Hi Fredrik,

> When I was happy with it, I got my DS records published in the .net zone
> and after that I wanted to move the zone to policy default. Turns out,
> keys are secretly associated with policys for some reason, so opendnssec
> wanted to generate a new KSK but failed since the YubikeyNEO4PIV
> repository doesn't support key generation. I did not want to generate
> new KSKs.

As far as I know OpenDNSSEC 1.x does not support this kind of operation.
Keys are linked to a policy since the policy dictates their parameters
and more important lifetime and TTL's.

> How should one go about moving a zone from one policy to another? Don't
> tell me how to do it in sqlite3, I've already figured that out ;).

This is IMHO your best/only option.

regards,
Yuri

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20160331/3b39d72d/attachment.bin>


More information about the Opendnssec-user mailing list