[Opendnssec-user] no signconf/foo.xml

Randy Bush randy at psg.com
Tue Jan 9 05:09:45 UTC 2018


>> i believe the problem was soft-hsm backup was needed and i had not
>> gotten to that check in my daily manual ritual.  why soft-hsm backup 
>> is manual, is something i have yet to understand.
> 
> For OpenDNSSEC it is a policy thing. You can configure it to use any key
> available or only allow keys that are explicitly marked as backed up by
> the user.

it would seem to be ill-advised to use a key which is not backed up

> How the HSM (SoftHSM or otherwise) manages/automates its backups is out
> of scope for ODS.

no comment



More information about the Opendnssec-user mailing list