[Opendnssec-user] OpenDNSSEC 2.1.4 and manual ZSK rollover

Michael Grimm trashcan at ellael.org
Sat Dec 7 16:27:13 UTC 2019

Michael Grimm <trashcan at ellael.org> wrote:

> after reading the documentation and manual pages I do have difficulties in understanding the complete process of a manual ZSK rollover intervention when all rollovers are normally performed automatically.
> But how does one continue when one wants to speed up the remaining process of publication and retirement? I couldn't find specific parameters in the documentation to override those in kasp.xml. Does one need to modify the relevant timing settings in kasp.xml, instead?

Well, I did add another policy to my kasp.xml in order to test a 'speedy' policy. All of my zones have been part of the 'default' policy in kasp.xml so far.

Now I do not understand how one would modify the policy of one of my zones (XYZ) from 'default' to 'speedy'? 

According to the ods-enforcer manual page, only the following relevant options exist (if I am not mistaken):
| ods-enforcer zone list | add | delete

Does one use 'ods-enforcer zone add --zone XYZ --policy speedy' instead? 
(I didn't try that without fully understanding the implications, yet.)

I could achieve a modification via zonelist.xml (which has been empty before):
1) zonelist export
2) manually modify the policy of the XYZ zone entry
3) zonelist import

BUT, according to https://wiki.opendnssec.org/display/DOCS20/zonelist.xml
| Its use is discouraged. 

So, how does one modify zone's policies the proper way?

Thanks and with kind regards,
