[Opendnssec-user] standby key no longer opendnssec 2.0

Bas van den Dikkenberg bas at Dikkenberg.net
Tue Nov 22 11:49:25 UTC 2016


How can shorten the time of keystate generate to publish it's now 1 day .


Bas


-----Oorspronkelijk bericht-----
Van: Opendnssec-user [mailto:opendnssec-user-bounces at lists.opendnssec.org] Namens Yuri Schaeffer
Verzonden: dinsdag 22 november 2016 08:45
Aan: opendnssec-user at lists.opendnssec.org
Onderwerp: Re: [Opendnssec-user] standby key no longer opendnssec 2.0

>> Yes. This concept doesn't exist in 2.0.
> 
> For both KSK and ZSK? I had the impression that standby keys are still 
> possibkle for ZSK. I used them in 2.0.1, but then the rollover failed 
> badly. Has it been removed completely in 2.0.3?

Standby keys where never a thing in any 2.0 release. The failed rollover involved standby keys but was not caused by it. The bugs in the migration script caused the problems.

When doing the migration, 2.0 was aware of these standby keys but they would not get any special treatment. Just regular old keys that it tried to phase out.

//Yuri




More information about the Opendnssec-user mailing list