> With a bit of patience I can get all keys rolled over and back to valid keys. > I wouldn't advise anyone to do this in a production environment, but it is > possible > to get out of this situation by using normal ODS commands.
The command "ods-ksmutil key rollover --policy uvtonly --keytype ksk" will perform a KSK key rollover on all of the zones attached to that policy. But you are talking about doing a policy rollover, switching from one policy to another. That would be done by changing the policy in the zonelist.xml. The key states indicates that you are using standby keys, which is not supported in the current version. // Rickard _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
