[Opendnssec-user] standby key no longer opendnssec 2.0

Mark Elkins mje at posix.co.za
Tue Nov 22 12:47:12 UTC 2016


Don't remove the documentation about stand-by keys, re-write it so when
someone looks for info on stand-by keys - they find out how it is now
done - with immediate roll-overs.. etc.

On 22/11/2016 14:02, Bas van den Dikkenberg wrote:
> @Yuri can you remove the standby key's from the documentation if they or no longer in 2.0
> 
> 
> -----Oorspronkelijk bericht-----
> Van: Opendnssec-user [mailto:opendnssec-user-bounces at lists.opendnssec.org] Namens Yuri Schaeffer
> Verzonden: dinsdag 22 november 2016 08:45
> Aan: opendnssec-user at lists.opendnssec.org
> Onderwerp: Re: [Opendnssec-user] standby key no longer opendnssec 2.0
> 
>>> Yes. This concept doesn't exist in 2.0.
>>
>> For both KSK and ZSK? I had the impression that standby keys are still 
>> possibkle for ZSK. I used them in 2.0.1, but then the rollover failed 
>> badly. Has it been removed completely in 2.0.3?
> 
> Standby keys where never a thing in any 2.0 release. The failed rollover involved standby keys but was not caused by it. The bugs in the migration script caused the problems.
> 
> When doing the migration, 2.0 was aware of these standby keys but they would not get any special treatment. Just regular old keys that it tried to phase out.
> 
> //Yuri
> 
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
> 

-- 
Mark James ELKINS  -  Posix Systems - (South) Africa
mje at posix.co.za       Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3854 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20161122/42bc0057/attachment.bin>


More information about the Opendnssec-user mailing list