During a testing / setup phase I was signing a .eu zone and the KSK was published in the ISC DLV. I have now reached the stage of putting the KSK in the parent nameserver, only to discover they don't support protocol 8. I therefore have to generate a new KSK using protocol 7. To do this, I created a new kasp policy (as other zones share the default) and changed the KSK to protocol 7. However, when I issue a KSK rollover for the zone it doesn't show a new key when I list the keys. I have issued an update-all (and even ods-control stop / start), am I doing something wrong or should a new key appear in the key database?
Scott Armitage
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
