Tom Hendrikx wrote:
> On 13/12/10 12:57, Sion Lloyd wrote:
>
> I wanted to migrate a signed zone to this new setup, and imported the
> keys that were already in use. The old keys had alg 7
> (RSASHA1-NSEC3-SHA1), but the policy to which I added the zone had alg 8
> (RSASHA256). After I noticed this error (upon signing), I removed the
> zone from ODS, and the keys from the HSM. I'm not really sure how I
> exactly did that (the logging has no useful data on that), but it seems
> that the keypair entries were not removed from kasp.db. This might just
> be a genuine case of PEBKAC :/
>
> Only conclusion would be that it would be nice if more logging of
> "ods-ksmutil zone *" commands would be available, at least for commands
> that change data. Currently 'zone add/delete' do not log anything. Same
> goes for ods-hsmutil.
>

We've been working internally with a version of ods-ksmutil that logs the command executed. That helps us to track certain changes. If you or any other opendnssec user think it's a useful feature, we could send the patch to the developers.

cheers,

> ------------------------------------------------------------------------
>
> _______________________________________________
> Opendnssec-user mailing list
> [email protected]
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

-- 
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
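
An added example, not part of the thread and not the patch mentioned above or any OpenDNSSEC code: one way to get an audit trail for `ods-ksmutil` without modifying it is a shell wrapper that writes each invocation to syslog before running the real binary. The binary path, the syslog tag and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit wrapper for ods-ksmutil (not OpenDNSSEC code).
REAL_KSMUTIL="${REAL_KSMUTIL:-/usr/bin/ods-ksmutil}"  # assumed install path
AUDIT_TAG="${AUDIT_TAG:-ods-ksmutil-audit}"           # hypothetical syslog tag

# Single-quote one argument so the logged command line is unambiguous;
# embedded newlines become '?' so an argument cannot forge a second record.
quote_arg() {
    s=$1; out=
    while :; do
        case $s in
            *\'*) head=${s%%\'*}; out="$out$head'\\''"; s=${s#*\'} ;;
            *) break ;;
        esac
    done
    printf "'%s'" "$out$s" | tr '\n\r' '??'
}

# Build the audit record (who ran what). Pure function: no syslog access.
audit_line() {
    user=$1; shift
    line="user=$user cmd=ods-ksmutil"
    for a in "$@"; do line="$line $(quote_arg "$a")"; done
    printf '%s\n' "$line"
}

# The thread names "zone add" and "zone delete" as commands that change
# data; they are logged at a higher priority. Every other invocation is
# still logged. Extend the list to match local policy.
audit_priority() {
    case "$1 $2" in
        "zone add"|"zone delete") echo auth.notice ;;
        *) echo auth.info ;;
    esac
}

# Log first, then run, so a record exists even if the command fails.
# Usage: ksmutil_audited zone delete ...   (or install as a wrapper script)
ksmutil_audited() {
    who=${SUDO_USER:-$(id -un)}
    logger -t "$AUDIT_TAG" -p "$(audit_priority "$1" "$2")" -- \
        "$(audit_line "$who" "$@")"
    "$REAL_KSMUTIL" "$@"
}
```

The same wrapper pattern applies to `ods-hsmutil`; forwarding the syslog facility to a remote collector keeps the trail intact if the signer host itself is altered.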
