[Opendnssec-user] OpenDNSSEC 2.1.4 and manual ZSK rollover

Michael Grimm trashcan at ellael.org
Thu Dec 5 21:10:14 UTC 2019


After reading the documentation and manual pages, I have difficulty understanding the complete process of a manual ZSK rollover intervention when all rollovers are normally performed automatically.


1) Running 'ods-enforcer key rollover --keytype zsk --zone XYZ' at 10:00 on 2019-12-05, I immediately see (e.g.):

	XYZ   ZSK   active   2019-12-05  22:00:00   2048     8          11111   
	XYZ   ZSK   publish  2019-12-05  22:00:00   1280     8          22222   

2) Thus, 12 hours later the newly generated ZSK will become published.

Ok, understood.

But how does one continue when one wants to speed up the remaining process of publication and retirement? I couldn't find specific parameters in the documentation to override those in kasp.xml. Does one need to modify the relevant timing settings in kasp.xml, instead?

Background: I want to 1) modify my ZSK key length and 2) modify algorithms (from 8 to 13) for both KSK and ZSK afterwards. This I want to speed up somehow. (Yes, I am aware of the implications if the rollover is too short.)

Thanks in advance and with kind regards,

